Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-1332

    The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.... Read more

    Affected Products : ubuntu_linux oxide
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1591

    IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo... Read more

    Affected Products : datapower_gateway
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2015-1838

    modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.... Read more

    Affected Products : fedora salt
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-1854

    389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.... Read more

    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-1694

    IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.... Read more

    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1710

    A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.... Read more

    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2015-4100

    Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."... Read more

    Affected Products : puppet_enterprise
    • Published: Dec. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1746

    IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.... Read more

    Affected Products : jazz_for_service_management
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1751

    IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti... Read more

    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1757

    IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.... Read more

    Affected Products : security_guardium
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-5177

    Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.... Read more

    Affected Products : debian_linux openslp
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-5594

    The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.... Read more

    Affected Products : zenphoto
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-7501

    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Por... Read more

    • Published: Nov. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-7504

    Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.... Read more

    Affected Products : debian_linux qemu xen
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-7945

    The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DR... Read more

    Affected Products : ganeti
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8010

    Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.... Read more

    Affected Products : leap icinga leap
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2015-8138

    NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.... Read more

    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2015-8556

    Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.... Read more

    Affected Products : qemu
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8608

    The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.... Read more

    Affected Products : perl
    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2015-8763

    The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.... Read more

    Affected Products : freeradius
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294745 Results