Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2015-7931

    The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the la... Read more

    • EPSS Score: %0.17
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2015-7930

    Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.... Read more

    • EPSS Score: %0.92
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2015-8267

    The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.... Read more

    Affected Products : ad_self_password_reset
    • EPSS Score: %0.58
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7929

    eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %1.83
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-7928

    eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.44
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-7927

    Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.54
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.9

    CRITICAL
    CVE-2015-7926

    eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.91
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2015-7925

    Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.21
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-7924

    eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %3.04
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7936

    Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.... Read more

    Affected Products : moscad_ip_gateway_firmware
    • EPSS Score: %0.16
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7935

    Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : moscad_ip_gateway_firmware
    • EPSS Score: %0.73
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-7917

    Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : opc_systems.net opcsystems.net
    • EPSS Score: %0.05
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7911

    Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote att... Read more

    • EPSS Score: %0.89
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6851

    EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.... Read more

    Affected Products : securid_web_agent
    • EPSS Score: %0.05
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-6471

    Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data... Read more

    Affected Products : proview
    • EPSS Score: %0.42
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6431

    Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.... Read more

    Affected Products : ios_xe ios_xe
    • EPSS Score: %0.30
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-8373

    The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.... Read more

    Affected Products : kea
    • EPSS Score: %3.06
    • Published: Dec. 22, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-4545

    EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.... Read more

    Affected Products : isilon_onefs isilon_onefs
    • EPSS Score: %0.28
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8458

    Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and O... Read more

    • EPSS Score: %3.44
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7937

    Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.... Read more

    • EPSS Score: %4.68
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291520 Results