Latest CVE Feed
- 4.0 MEDIUM CVE-2016-0234
  IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.
  Affected Products: openpages_grc_platform
  - Published: Aug. 30, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2016-0223
  Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006.
  Affected Products: forms_server
  - Published: Mar. 15, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2016-0219
  XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via cr...
  - Published: Jan. 16, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2016-0215
  IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle comp...
  - Published: Jan. 16, 2018
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2016-0207
  IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399.
  Affected Products: algo_risk_application
  - Published: Jan. 16, 2018
  - Modified: Nov. 21, 2024
- 3.3 LOW CVE-2016-0205
  A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394.
  Affected Products: cloud_orchestrator
  - Published: Aug. 30, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2015-9551
  An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.
  Affected Products: n300rh-v3_firmware a850r-v1_firmware f1-v2_firmware f2-v1_firmware n150rt-v2_firmware n151rt-v2_firmware n300rh-v2_firmware n300rt-v2_firmware a850r-v1 f1-v2 +6 more products
  - Published: Nov. 24, 2020
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2015-9550
  An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.
  Affected Products: n300rh-v3_firmware a850r-v1_firmware f1-v2_firmware f2-v1_firmware n150rt-v2_firmware n151rt-v2_firmware n300rh-v2_firmware n300rt-v2_firmware a850r-v1 f1-v2 +6 more products
  - Published: Nov. 24, 2020
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2015-9549
  A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php.
  Affected Products: ocportal
  - Published: Aug. 03, 2020
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2015-9548
  An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
  Affected Products: mattermost_server
  - Published: Jun. 19, 2020
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2015-9547
  An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exceptio...
  Affected Products: android
  - Published: Apr. 10, 2020
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2015-9546
  An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert direct...
  Affected Products: android
  - Published: Apr. 10, 2020
  - Modified: Nov. 21, 2024
- 7.1 HIGH CVE-2015-9545
  An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this i...
  Affected Products: cross_domain_local_storage
  - Published: Apr. 07, 2020
  - Modified: Nov. 21, 2024
- 7.1 HIGH CVE-2015-9544
  An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can ...
  Affected Products: cross_domain_local_storage
  - Published: Apr. 07, 2020
  - Modified: Nov. 21, 2024
- 3.3 LOW CVE-2015-9543
  An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setu...
  Affected Products: nova
  - Published: Feb. 19, 2020
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2015-9542
  add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the p...
  - Published: Feb. 24, 2020
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2015-9541
  Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
  - Published: Jan. 24, 2020
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2015-9540
  Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
  Affected Products: chamilo_lms
  - Published: Jan. 04, 2020
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2015-9539
  The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.
  Affected Products: fast_secure_contact_form
  - Published: Nov. 26, 2019
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2015-9538
  The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
  Affected Products: nextgen_gallery
  - Published: Nov. 26, 2019
  - Modified: Nov. 21, 2024