Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-9042

    Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a lin... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9041

    The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5341

    The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.25
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-1480

    ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash... Read more

    • EPSS Score: %18.23
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-1479

    SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.... Read more

    • EPSS Score: %8.06
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1478

    Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.... Read more

    Affected Products : j-classifiedsmanager
    • EPSS Score: %3.32
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1477

    SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.... Read more

    Affected Products : j-classifiedsmanager
    • EPSS Score: %0.94
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1476

    Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.... Read more

    Affected Products : ecommercemajor
    • EPSS Score: %0.96
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1475

    Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) ... Read more

    Affected Products : my_little_forum
    • EPSS Score: %0.26
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1437

    Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.... Read more

    Affected Products : rt-n10\+d1_firmware rt-n10\+d1
    • EPSS Score: %0.41
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9331

    Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_... Read more

    Affected Products : manageengine_desktop_central
    • EPSS Score: %2.05
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7864

    Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary S... Read more

    Affected Products : manageengine_opmanager
    • EPSS Score: %32.18
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-1469

    time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 an... Read more

    Affected Products : hvg_video_gateway_firmware hvg400
    • EPSS Score: %0.28
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0930

    The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session.... Read more

    Affected Products : hvg_video_gateway_firmware hvg400
    • EPSS Score: %0.60
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0929

    time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response.... Read more

    Affected Products : hvg_video_gateway_firmware hvg400
    • EPSS Score: %1.09
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0599

    The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and ... Read more

    Affected Products : unified_computing_system
    • EPSS Score: %0.42
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8021

    Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-pa... Read more

    • EPSS Score: %0.28
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-8013

    The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.... Read more

    Affected Products : nx-os
    • EPSS Score: %0.09
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1463

    ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."... Read more

    Affected Products : fedora clamav
    • EPSS Score: %1.49
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1462

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."... Read more

    Affected Products : fedora clamav
    • EPSS Score: %1.22
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290997 Results