Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2015-6467

    Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.62
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6423

    The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.... Read more

    • EPSS Score: %0.15
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6336

    Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062.... Read more

    • EPSS Score: %0.45
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6323

    The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.... Read more

    Affected Products : identity_services_engine_software
    • EPSS Score: %1.49
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6320

    The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138.... Read more

    • EPSS Score: %0.53
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6314

    Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.... Read more

    • EPSS Score: %1.07
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-5007

    Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequ... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.11
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-3948

    Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.27
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2015-3947

    SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.26
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-3946

    Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.11
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-3943

    Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.32
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-0778

    The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote... Read more

    • EPSS Score: %3.25
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0777

    The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a pr... Read more

    • EPSS Score: %66.39
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8605

    ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.... Read more

    • EPSS Score: %43.97
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0947

    Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and O... Read more

    • EPSS Score: %0.18
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0946

    Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • EPSS Score: %2.59
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0945

    Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • EPSS Score: %2.59
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0944

    Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • EPSS Score: %2.59
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0943

    Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the Global object, which allows attackers to bypass JavaScri... Read more

    • EPSS Score: %6.05
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0942

    Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • EPSS Score: %2.59
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291520 Results