Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-1384

    Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid parameter in the BannerEffectOptions page to wp-admin/options... Read more

    Affected Products : banner_effect_header
    • EPSS Score: %0.27
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1382

    parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.... Read more

    Affected Products : debian_linux opensuse privoxy
    • EPSS Score: %2.21
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1381

    Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.... Read more

    Affected Products : debian_linux opensuse privoxy
    • EPSS Score: %2.21
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1380

    jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.... Read more

    Affected Products : opensuse solaris privoxy
    • EPSS Score: %1.01
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1348

    Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface.... Read more

    • EPSS Score: %0.54
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9633

    The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.... Read more

    Affected Products : backup
    • EPSS Score: %4.83
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-9574

    Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.... Read more

    Affected Products : fluxbb
    • EPSS Score: %1.24
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9568

    puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.... Read more

    Affected Products : rabbitmq
    • EPSS Score: %0.13
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9559

    Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search.... Read more

    Affected Products : snipsnap
    • EPSS Score: %0.32
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9556

    Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.... Read more

    Affected Products : opensuse libmspack libmspack
    • EPSS Score: %1.29
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9328

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."... Read more

    Affected Products : fedora clamav
    • EPSS Score: %4.20
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2014-8779

    Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.... Read more

    Affected Products : pexip_infinity
    • EPSS Score: %0.28
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5360

    Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx.... Read more

    Affected Products : landesk_management_suite
    • EPSS Score: %0.32
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0313

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in th... Read more

    • Actively Exploited
    • EPSS Score: %93.17
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-1454

    Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify config... Read more

    Affected Products : proxyclient unified_agent
    • EPSS Score: %0.17
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1453

    The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared P... Read more

    Affected Products : forticlient
    • EPSS Score: %0.16
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1452

    The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.... Read more

    Affected Products : fortios
    • EPSS Score: %0.98
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1451

    Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.... Read more

    Affected Products : fortios
    • EPSS Score: %0.24
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0223

    Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.... Read more

    Affected Products : qpid
    • EPSS Score: %2.28
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-8613

    The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.69
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291002 Results