Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2015-5349

    The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imp... Read more

    Affected Products : directory_studio ldap_studio
    • EPSS Score: %1.43
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5329

    The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed o... Read more

    Affected Products : openstack
    • EPSS Score: %0.45
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2015-5313

    Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:wr... Read more

    Affected Products : libvirt
    • EPSS Score: %0.06
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5303

    The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret p... Read more

    Affected Products : tripleo_heat_templates
    • EPSS Score: %0.33
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2015-5233

    Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_... Read more

    Affected Products : satellite foreman
    • EPSS Score: %0.13
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2014-9759

    Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.29
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0735

    Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.... Read more

    Affected Products : ranger
    • EPSS Score: %0.14
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-0266

    The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.... Read more

    Affected Products : ranger
    • EPSS Score: %0.11
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-0265

    Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.... Read more

    Affected Products : ranger
    • EPSS Score: %2.01
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3678

    Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.... Read more

    • EPSS Score: %0.28
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2016-3676

    Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network.... Read more

    Affected Products : e3276s_firmware e3276s
    • EPSS Score: %0.04
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-3675

    SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.... Read more

    • EPSS Score: %0.08
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-3659

    SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.... Read more

    Affected Products : cacti
    • EPSS Score: %0.59
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2016-3065

    The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a... Read more

    Affected Products : postgresql
    • EPSS Score: %1.12
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2385

    Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arb... Read more

    Affected Products : debian_linux kamailio
    • EPSS Score: %25.30
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2193

    PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.... Read more

    Affected Products : postgresql
    • EPSS Score: %1.53
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-1235

    The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.... Read more

    Affected Products : debian_linux oar
    • EPSS Score: %1.04
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2012-6700

    The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.... Read more

    Affected Products : debian_linux dhcpcd
    • EPSS Score: %0.51
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2012-6699

    The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.... Read more

    Affected Products : debian_linux dhcpcd
    • EPSS Score: %0.56
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2012-6698

    The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.... Read more

    Affected Products : debian_linux dhcpcd
    • EPSS Score: %0.56
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292318 Results