Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-0254

    Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.... Read more

    Affected Products : ubuntu_linux standard_taglibs
    • EPSS Score: %9.15
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2014-9472

    The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.... Read more

    Affected Products : fedora debian_linux request_tracker
    • EPSS Score: %0.88
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3691

    Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a c... Read more

    Affected Products : openstack foreman
    • EPSS Score: %0.35
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2239

    Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address ... Read more

    Affected Products : chrome
    • EPSS Score: %0.36
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2238

    Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : ubuntu_linux chrome v8
    • EPSS Score: %0.11
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1232

    Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging rend... Read more

    Affected Products : chrome
    • EPSS Score: %0.71
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1231

    Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    • EPSS Score: %1.16
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1230

    The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have u... Read more

    • EPSS Score: %1.73
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1229

    net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection atta... Read more

    • EPSS Score: %0.32
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1228

    The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote... Read more

    • EPSS Score: %1.07
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1227

    The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decodin... Read more

    Affected Products : chrome
    • EPSS Score: %1.02
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1226

    The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended a... Read more

    Affected Products : chrome
    • EPSS Score: %0.32
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1225

    PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.... Read more

    Affected Products : chrome
    • EPSS Score: %0.76
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1224

    The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attacker... Read more

    Affected Products : chrome
    • EPSS Score: %4.08
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1223

    Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via v... Read more

    Affected Products : chrome
    • EPSS Score: %1.23
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1222

    Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or poss... Read more

    Affected Products : chrome
    • EPSS Score: %0.99
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1221

    Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thre... Read more

    Affected Products : chrome
    • EPSS Score: %0.87
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1220

    Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecif... Read more

    • EPSS Score: %3.07
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1219

    Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors t... Read more

    • EPSS Score: %0.90
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1218

    Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a ... Read more

    • EPSS Score: %1.07
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291737 Results