Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-2838

    Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacter... Read more

    Affected Products : netscaler
    • EPSS Score: %4.31
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0225

    The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI... Read more

    Affected Products : cassandra
    • EPSS Score: %0.90
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0995

    Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.... Read more

    Affected Products : ignition
    • EPSS Score: %0.27
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0994

    Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.... Read more

    Affected Products : ignition
    • EPSS Score: %0.25
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-0993

    Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : ignition
    • EPSS Score: %0.27
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0992

    Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : ignition
    • EPSS Score: %0.06
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0991

    Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.... Read more

    Affected Products : ignition
    • EPSS Score: %0.53
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2015-0990

    Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.... Read more

    Affected Products : integraxor
    • EPSS Score: %0.06
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0976

    Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ignition
    • EPSS Score: %0.54
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0903

    Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file.... Read more

    Affected Products : editor
    • EPSS Score: %3.17
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0902

    The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source... Read more

    Affected Products : all_in_one_seo_pack
    • EPSS Score: %0.57
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-0684

    SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.... Read more

    • EPSS Score: %0.31
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0683

    Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.... Read more

    • EPSS Score: %0.18
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-0682

    Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.... Read more

    • EPSS Score: %1.22
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0666

    Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.... Read more

    Affected Products : prime_data_center_network_manager
    • Actively Exploited
    • EPSS Score: %68.97
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2014-8390

    Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.... Read more

    Affected Products : vampset
    • EPSS Score: %0.16
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-5405

    Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.... Read more

    Affected Products : mednet
    • EPSS Score: %0.30
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-5403

    Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : mednet
    • EPSS Score: %0.53
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5400

    The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.... Read more

    Affected Products : mednet
    • EPSS Score: %0.06
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 6.3

    MEDIUM
    CVE-2015-0687

    The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID... Read more

    • EPSS Score: %0.34
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292048 Results