Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2014-8920

    Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.... Read more

    Affected Products : i_access
    • EPSS Score: %0.05
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8917

    Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IB... Read more

    • EPSS Score: %0.45
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0235

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 functio... Read more

    • EPSS Score: %85.84
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1419

    Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.... Read more

    Affected Products : opensuse vsftpd vsftpd
    • EPSS Score: %35.29
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-1376

    pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.... Read more

    Affected Products : pixabay_images
    • EPSS Score: %70.51
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1375

    pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.... Read more

    Affected Products : pixabay_images
    • EPSS Score: %19.83
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1182

    The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or ... Read more

    Affected Products : opensuse polarssl
    • EPSS Score: %4.46
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8154

    The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vec... Read more

    Affected Products : opensuse vala
    • EPSS Score: %0.89
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-5211

    Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.... Read more

    Affected Products : reflection_ftp_client
    • EPSS Score: %2.38
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1374

    Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unre... Read more

    Affected Products : ferretcms
    • EPSS Score: %1.64
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1373

    Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properl... Read more

    Affected Products : ferretcms
    • EPSS Score: %5.46
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1372

    SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.... Read more

    Affected Products : ferretcms
    • EPSS Score: %1.37
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1371

    Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/.... Read more

    Affected Products : ferretcms
    • EPSS Score: %9.23
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1370

    Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.... Read more

    Affected Products : marked
    • EPSS Score: %0.35
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1369

    SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.... Read more

    Affected Products : sequelize sequelize
    • EPSS Score: %0.36
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1368

    Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/... Read more

    Affected Products : tower
    • EPSS Score: %6.84
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1367

    SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.... Read more

    Affected Products : catbot
    • EPSS Score: %0.42
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1366

    Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.... Read more

    Affected Products : pixabay_images
    • EPSS Score: %3.42
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1365

    Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.... Read more

    Affected Products : pixabay_images
    • EPSS Score: %21.98
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1364

    SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.... Read more

    Affected Products : articlefr
    • EPSS Score: %0.91
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291647 Results