Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2015-0772

    Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut... Read more

    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0769

    Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546.... Read more

    Affected Products : ios_xr ios_xr_software
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-0768

    The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute ... Read more

    Affected Products : prime_network_control_system
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0774

    Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650.... Read more

    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-0773

    Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.... Read more

    Affected Products : firesight_system_software
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.3

    MEDIUM
    CVE-2015-0771

    The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505... Read more

    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0737

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.... Read more

    Affected Products : firesight_system_software
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-4472

    Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4471

    Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4470

    Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4469

    The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4468

    Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4467

    The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9732

    The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereferenc... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4465

    Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : zm_ajax_login_\&_register
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-4171

    strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is comp... Read more

    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4153

    Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admi... Read more

    Affected Products : zm_ajax_login_\&_register
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-4108

    Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or... Read more

    Affected Products : wing_ftp_server
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3923

    Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.... Read more

    Affected Products : coppermine_photo_gallery
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8607

    The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.... Read more

    Affected Products : xcloner
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293280 Results