Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-7915

    Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : moduweb_vision
    • EPSS Score: %0.76
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7914

    Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.... Read more

    Affected Products : moduweb_vision
    • EPSS Score: %0.78
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0862

    General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.... Read more

    • EPSS Score: %19.23
    • Published: Feb. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-0861

    General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : ups_snmp_web_adapter_firmware
    • EPSS Score: %10.06
    • Published: Feb. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-1284

    rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.... Read more

    Affected Products : bind
    • EPSS Score: %9.48
    • Published: Feb. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8269

    The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.... Read more

    Affected Products : smart_toy_bear
    • EPSS Score: %0.79
    • Published: Feb. 04, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1906

    Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.... Read more

    Affected Products : kubernetes origin
    • EPSS Score: %1.56
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2016-1905

    The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.... Read more

    Affected Products : kubernetes
    • EPSS Score: %0.13
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2016-1505

    The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.... Read more

    Affected Products : windows radicale
    • EPSS Score: %1.35
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-8748

    Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".... Read more

    Affected Products : radicale
    • EPSS Score: %0.57
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2015-8747

    The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.... Read more

    Affected Products : radicale
    • EPSS Score: %1.81
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7546

    The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization t... Read more

    Affected Products : solaris keystone keystonemiddleware
    • EPSS Score: %0.10
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2015-7539

    The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %1.04
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-7538

    Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.20
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-7537

    Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.18
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-7536

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.... Read more

    Affected Products : jenkins
    • EPSS Score: %0.21
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-5344

    The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.... Read more

    Affected Products : camel
    • EPSS Score: %4.97
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2213

    The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.68
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2199

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators... Read more

    Affected Products : vulnerability_manager
    • EPSS Score: %0.12
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2049

    examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of ar... Read more

    Affected Products : php-openid
    • EPSS Score: %0.40
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291736 Results