Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2015-6005

    Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names fiel... Read more

    Affected Products : whatsup_gold whatsup_gold
    • EPSS Score: %0.20
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6004

    Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device param... Read more

    Affected Products : whatsup_gold whatsup_gold
    • EPSS Score: %16.90
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-8669

    libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.42
    • Published: Dec. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2015-6409

    Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.... Read more

    Affected Products : jabber
    • EPSS Score: %0.26
    • Published: Dec. 26, 2015
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-8664

    Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array wit... Read more

    Affected Products : chrome
    • EPSS Score: %8.84
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6792

    The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manage... Read more

    Affected Products : chrome
    • EPSS Score: %19.70
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2015-8663

    The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact vi... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.68
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8662

    The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.68
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2015-8661

    The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds arra... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.68
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2015-7934

    The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.... Read more

    • EPSS Score: %0.27
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2015-7932

    Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    • EPSS Score: %0.30
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.7

    HIGH
    CVE-2015-7931

    The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the la... Read more

    • EPSS Score: %0.17
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2015-7930

    Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.... Read more

    • EPSS Score: %0.92
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2015-8267

    The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.... Read more

    Affected Products : ad_self_password_reset
    • EPSS Score: %0.58
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7929

    eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %1.83
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-7928

    eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.44
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-7927

    Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.54
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.9

    CRITICAL
    CVE-2015-7926

    eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.91
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2015-7925

    Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.21
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-7924

    eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %3.04
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291551 Results