Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-4000

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHel... Read more

    • Published: May. 21, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3141

    Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a r... Read more

    Affected Products : xeams
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2012-4902

    Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (... Read more

    Affected Products : template_cms
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4901

    Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php.... Read more

    Affected Products : template_cms
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4016

    The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.... Read more

    Affected Products : steam_client steam
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3999

    Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.... Read more

    Affected Products : ccleaner
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-3990

    The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.... Read more

    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1188

    The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors.... Read more

    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2012-6691

    Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admi... Read more

    Affected Products : oscmax
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-3243

    Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from thi... Read more

    Affected Products : seogento
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2012-1665

    Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitra... Read more

    Affected Products : oscmax
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1664

    Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_p... Read more

    Affected Products : oscmax
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3910

    Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome v8
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1903

    Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.... Read more

    Affected Products : domino
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1902

    Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.... Read more

    Affected Products : domino
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1265

    Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : debian_linux chrome
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1264

    Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.... Read more

    Affected Products : debian_linux chrome
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1263

    The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified oth... Read more

    Affected Products : debian_linux chrome
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1262

    platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted U... Read more

    Affected Products : debian_linux chrome
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1261

    android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to... Read more

    Affected Products : debian_linux chrome
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293351 Results