Total
29895 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7995 | 2 Apple, Xmlsoft | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2026-06-17 | 5.0 MEDIUM | N/A |
| The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. | |||||
| CVE-2015-7988 | 1 Apple | 6 Airport Base Station, Airport Base Station Firmware, Iphone Os and 3 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
| CVE-2015-7930 | 1 Adcon | 1 A840 Telemetry Gateway Base Station Firmware | 2026-06-17 | 10.0 HIGH | 10.0 CRITICAL |
| Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
| CVE-2015-7924 | 1 Ewon | 1 Ewon Firmware | 2026-06-17 | 7.5 HIGH | 8.8 HIGH |
| eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2015-7917 | 1 Opcsystems | 1 Opc Systems.net | 2026-06-17 | 6.9 MEDIUM | 7.2 HIGH |
| Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2015-7913 | 1 Tibbo | 1 Aggregate | 2026-06-17 | 7.2 HIGH | N/A |
| ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class. | |||||
| CVE-2015-7912 | 1 Tibbo | 1 Aggregate | 2026-06-17 | 10.0 HIGH | N/A |
| The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document. | |||||
| CVE-2015-7904 | 1 Infinite Automation Systems | 1 Mango Automation | 2026-06-17 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. | |||||
| CVE-2015-7866 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2026-06-17 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe. | |||||
| CVE-2015-7825 | 1 Botan Project | 1 Botan | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. | |||||
| CVE-2015-7823 | 1 Kentico | 1 Kentico Cms | 2026-06-17 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter. | |||||
| CVE-2015-7816 | 1 Matomo | 1 Matomo | 2026-06-17 | 7.5 HIGH | N/A |
| The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header. | |||||
| CVE-2015-7803 | 2 Apple, Php | 2 Mac Os X, Php | 2026-06-17 | 6.8 MEDIUM | N/A |
| The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. | |||||
| CVE-2015-7801 | 2 Canonical, Optipng Project | 2 Ubuntu Linux, Optipng | 2026-06-17 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file. | |||||
| CVE-2015-7799 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 4.9 MEDIUM | N/A |
| The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. | |||||
| CVE-2015-7773 | 1 Bastian Allgeier | 1 Kirby | 2026-06-17 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension. | |||||
| CVE-2015-7765 | 1 Zohocorp | 1 Manageengine Opmanager | 2026-06-17 | 9.0 HIGH | N/A |
| ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password. | |||||
| CVE-2015-7712 | 1 Atutor | 1 Atutor | 2026-06-17 | 6.5 MEDIUM | N/A |
| Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter. | |||||
| CVE-2015-7684 | 1 Glpi-project | 1 Glpi | 2026-06-17 | 9.0 HIGH | N/A |
| Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/. | |||||
| CVE-2015-7663 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2026-06-17 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. | |||||