Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2015-5663

    The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.... Read more

    Affected Products : winrar
    • EPSS Score: %0.08
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8467

    The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which a... Read more

    Affected Products : ubuntu_linux debian_linux samba
    • EPSS Score: %0.59
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7791

    Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.... Read more

    Affected Products : welcart welcart_e-commerce
    • EPSS Score: %0.31
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7540

    The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted ... Read more

    Affected Products : ubuntu_linux debian_linux samba
    • EPSS Score: %17.10
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5330

    ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted pa... Read more

    Affected Products : samba
    • EPSS Score: %0.70
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-5299

    The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attacker... Read more

    Affected Products : ubuntu_linux debian_linux samba
    • EPSS Score: %9.10
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-5296

    Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server... Read more

    Affected Products : ubuntu_linux debian_linux samba
    • EPSS Score: %4.48
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-5252

    vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outsid... Read more

    Affected Products : ubuntu_linux debian_linux samba
    • EPSS Score: %16.00
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-3223

    The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of... Read more

    Affected Products : samba
    • EPSS Score: %5.60
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-7786

    Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web_analytics_service
    • EPSS Score: %0.31
    • Published: Dec. 29, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8651

    Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233... Read more

    • Actively Exploited
    • EPSS Score: %89.78
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8650

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %3.30
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8649

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %3.30
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8648

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %3.30
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8647

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %3.30
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8646

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %5.04
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8645

    Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to ... Read more

    • EPSS Score: %7.03
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8644

    Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to ... Read more

    • EPSS Score: %49.46
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8643

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %5.04
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8642

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %5.04
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291520 Results