Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-8473

    The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.... Read more

    Affected Products : debian_linux redmine
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-8346

    app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.... Read more

    Affected Products : debian_linux redmine
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-8021

    Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before ... Read more

    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5167

    The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.... Read more

    Affected Products : ranger
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-3268

    Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description ... Read more

    Affected Products : ofbiz open_for_business_project
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3987

    The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.... Read more

    Affected Products : password_manager
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3986

    Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.... Read more

    Affected Products : avast
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-3985

    The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.... Read more

    Affected Products : pulse_connect_secure
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-2857

    The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.... Read more

    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 6.2

    MEDIUM
    CVE-2016-1885

    Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which t... Read more

    Affected Products : freebsd
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1568

    Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO ... Read more

    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-8841

    Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation file of type SIS_FILE_MULTILANG.... Read more

    Affected Products : nod32_antivirus nod32
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-8833

    Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy... Read more

    Affected Products : pidgin-otr
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-8108

    The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive ... Read more

    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-5158

    Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor... Read more

    Affected Products : qemu
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8710

    The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML c... Read more

    Affected Products : debian_linux libxml2
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8708

    Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of a... Read more

    Affected Products : claws-mail
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8614

    Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese charact... Read more

    Affected Products : leap opensuse claws-mail
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-8604

    SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.... Read more

    Affected Products : cacti
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-8399

    Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.... Read more

    Affected Products : confluence
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292802 Results