Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-7336

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update t... Read more

    Affected Products : system_update
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2015-7335

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code ... Read more

    Affected Products : system_update
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7334

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe ... Read more

    Affected Products : system_update
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7333

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe ... Read more

    Affected Products : system_update
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2015-7276

    Technicolor C2000T and C2100T uses hard-coded cryptographic keys.... Read more

    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-7266

    The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and i... Read more

    Affected Products : open_real-time_bidding
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-6970

    The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.... Read more

    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2015-6964

    MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occ... Read more

    Affected Products : multibit_hd
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-6960

    edx-platform before 2015-09-17 allows XSS via a team name.... Read more

    Affected Products : edx-platform
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-6926

    The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.... Read more

    Affected Products : eshop
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-6922

    Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative ... Read more

    Affected Products : virtual_system_administrator
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-6815

    The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vec... Read more

    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-6591

    Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter.... Read more

    Affected Products : articlefr
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6589

    Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files... Read more

    Affected Products : virtual_system_administrator
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2015-6569

    Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.... Read more

    Affected Products : floodlight
    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-6544

    Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.... Read more

    Affected Products : itop
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6497

    The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execut... Read more

    Affected Products : php magento
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-6495

    There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.... Read more

    Affected Products : cloudera_manager
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-6462

    Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342... Read more

    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-6461

    Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC we... Read more

    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292916 Results