Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-7610

    Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecifie... Read more

    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-7609

    Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: May. 30, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7598

    SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.... Read more

    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7597

    SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.... Read more

    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7596

    SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.... Read more

    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-7567

    SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.... Read more

    Affected Products : yeager_cms
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-7559

    It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.... Read more

    Affected Products : activemq jboss_fuse jboss_a-mq
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7556

    DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.... Read more

    Affected Products : delegate
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2015-7542

    A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.... Read more

    Affected Products : debian_linux leap gwenhywfar
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-7508

    Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP ... Read more

    Affected Products : libnsbmp
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-7507

    libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.... Read more

    Affected Products : libnsbmp
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-7506

    The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.... Read more

    Affected Products : libnsgif
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-7505

    Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.... Read more

    Affected Products : libnsgif
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7486

    Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web scr... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7485

    Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web scr... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-7484

    IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Quer... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7474

    Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to injec... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2015-7471

    Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) ... Read more

    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-7463

    IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.... Read more

    Affected Products : business_process_manager
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-7461

    XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.... Read more

    Affected Products : connections
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293352 Results