Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-5996

    Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.... Read more

    • EPSS Score: %0.20
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5995

    Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.... Read more

    • EPSS Score: %35.70
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.9

    HIGH
    CVE-2015-5994

    The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain ad... Read more

    • EPSS Score: %0.20
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-2918

    The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.... Read more

    Affected Products : orientdb
    • EPSS Score: %0.44
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2015-2913

    server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes... Read more

    Affected Products : orientdb
    • EPSS Score: %0.59
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-2912

    The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain... Read more

    Affected Products : orientdb
    • EPSS Score: %0.34
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-2896

    The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.... Read more

    Affected Products : uptime_infrastructure_monitor
    • EPSS Score: %0.26
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2895

    Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.... Read more

    Affected Products : uptime_infrastructure_monitor
    • EPSS Score: %1.84
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-2894

    Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.... Read more

    Affected Products : uptime_infrastructure_monitor
    • EPSS Score: %0.52
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-2876

    Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading... Read more

    • EPSS Score: %0.45
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-2875

    Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full path... Read more

    • EPSS Score: %2.34
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2874

    Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administra... Read more

    • EPSS Score: %4.72
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4876

    Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138.... Read more

    Affected Products : 4690_operating_system
    • EPSS Score: %1.07
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3260

    Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography.... Read more

    Affected Products : 1000_ccu_gms rtu_gms
    • EPSS Score: %0.28
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8703

    ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a differen... Read more

    • EPSS Score: %3.80
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-7794

    Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.... Read more

    Affected Products : cg-wlncm4g_firmware
    • EPSS Score: %0.55
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-7793

    Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.... Read more

    Affected Products : cg-wlbaragm_firmware
    • EPSS Score: %0.55
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7792

    Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.... Read more

    Affected Products : cg-wlbargs_firmware
    • EPSS Score: %3.03
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-7790

    Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wl-330nul_firmware wl-330nul
    • EPSS Score: %0.32
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7789

    ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : wl-330nul wl-33nul_firmware
    • EPSS Score: %0.22
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291589 Results