Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-7454

    Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenti... Read more

    • Published: Mar. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2245

    HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.... Read more

    Affected Products : support_assistant
    • Published: Mar. 19, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0283

    Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 19, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2287

    Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : 442sr_os 442sr
    • Published: Mar. 19, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-2286

    lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim... Read more

    Affected Products : open_edx
    • Published: Mar. 19, 2016
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2016-3155

    Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.... Read more

    Affected Products : apogee_insight
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-2281

    Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.... Read more

    Affected Products : panel_builder_800
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8154

    The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permission... Read more

    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-8153

    SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : endpoint_protection_manager
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-8152

    Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to... Read more

    Affected Products : endpoint_protection_manager
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-9768

    IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of ava... Read more

    Affected Products : tivoli_netview_access_services
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2016-1996

    HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.... Read more

    Affected Products : system_management_homepage
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1995

    HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : system_management_homepage
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1994

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : system_management_homepage
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-1993

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.... Read more

    Affected Products : system_management_homepage
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-5968

    Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : filr
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3191

    The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrar... Read more

    Affected Products : pcre pcre2
    • Published: Mar. 17, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2345

    Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.... Read more

    Affected Products : mini_remote_control
    • Published: Mar. 17, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-2342

    The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote at... Read more

    Affected Products : debian_linux quagga
    • Published: Mar. 17, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1992

    HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    • Published: Mar. 17, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292797 Results