Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2015-7440

    IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4....

    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-7434

    IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863.

    Affected Products : capacity_management_analytics
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-7433

    IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862.

    Affected Products : capacity_management_analytics
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-7432

    IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861.

    Affected Products : capacity_management_analytics
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2015-7424

    IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force I...

    Affected Products : infosphere_master_data_management
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-7423

    Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM...

    Affected Products : infosphere_master_data_management
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2015-7401

    IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106.

    Affected Products : curam_social_program_management
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2015-7344

    HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].

    Affected Products : hikashop
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2015-7343

    JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

    Affected Products : jnews
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2015-7342

    JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

    Affected Products : jnews
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-7341

    JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

    Affected Products : jnews
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2015-7340

    JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.

    Affected Products : jevents
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-7339

    JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.

    Affected Products : jce
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2015-7338

    SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.

    Affected Products : acymailing
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-7336

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update t...

    Affected Products : system_update
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2015-7335

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code ...

    Affected Products : system_update
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-7334

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe ...

    Affected Products : system_update
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-7333

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe ...

    Affected Products : system_update
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2015-7276

    Technicolor C2000T and C2100T use hard-coded cryptographic keys.

    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-7266

    The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and i...

    Affected Products : open_real-time_bidding
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292813 Results