Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-1685

    Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."... Read more

    Affected Products : internet_explorer
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1067

    Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafte... Read more

    Affected Products : mac_os_x iphone_os tvos
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-4667

    IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.... Read more

    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1056

    Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.html and possibly other pages.... Read more

    Affected Products : mfc-j4410dw_firmware mfc-j4410dw
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1048

    Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-4646

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access to due to improper authorization control.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1039

    Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.... Read more

    Affected Products : zfcuser
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-2981

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated a... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-10003

    A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely... Read more

    Affected Products : filezilla_server
    • Published: Jul. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4597

    IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The ... Read more

    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0976

    Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ignition
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0967

    Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/mai... Read more

    Affected Products : searchblox
    • Published: Apr. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5372

    The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML documen... Read more

    Affected Products : websphere_message_broker
    • Published: Oct. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-6178

    Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.... Read more

    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0917

    Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.... Read more

    Affected Products : kajona
    • Published: Jan. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0941

    The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and poss... Read more

    Affected Products : inetc
    • Published: Mar. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0900

    Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : fumy_teachers_schedule_board
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0989

    PACTware 4.1 SP3 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers an internal error.... Read more

    Affected Products : pactware pactware
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0896

    Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : extplorer
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0879

    CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment.... Read more

    Affected Products : al-mail32
    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293554 Results