Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-3325

    SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.... Read more

    Affected Products : wp_symposium
    • EPSS Score: %1.90
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2250

    Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel pa... Read more

    Affected Products : concrete5
    • EPSS Score: %0.48
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0734

    Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743.... Read more

    • EPSS Score: %0.26
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0728

    Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002.... Read more

    • EPSS Score: %0.26
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0727

    Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789.... Read more

    Affected Products : security_manager
    • EPSS Score: %0.26
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0724

    Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID C... Read more

    • EPSS Score: %0.26
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0634

    Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuq86310.... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.42
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-3987

    Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors.... Read more

    Affected Products : epo_deep_command
    • EPSS Score: %0.07
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3986

    Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for re... Read more

    • EPSS Score: %1.62
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3983

    The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLI... Read more

    Affected Products : pacemaker_configuration_system
    • EPSS Score: %0.60
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3427

    Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because... Read more

    Affected Products : debian_linux quassel
    • EPSS Score: %0.44
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3301

    Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path... Read more

    • EPSS Score: %14.40
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3300

    Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1)... Read more

    • EPSS Score: %3.53
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1848

    The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue wa... Read more

    • EPSS Score: %1.21
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0971

    The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.... Read more

    Affected Products : debian_linux suricata
    • EPSS Score: %0.26
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8162

    XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.... Read more

    Affected Products : network_satellite manager
    • EPSS Score: %0.61
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2012-5849

    Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (... Read more

    Affected Products : clipbucket
    • EPSS Score: %5.14
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2015-2720

    The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file.... Read more

    Affected Products : firefox
    • EPSS Score: %0.08
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2718

    The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is in... Read more

    Affected Products : firefox opensuse
    • EPSS Score: %0.35
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2717

    Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.... Read more

    Affected Products : firefox opensuse
    • EPSS Score: %1.71
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292721 Results