Latest CVE Feed
-
4.9
MEDIUM CVE-2015-7509
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015....
- Affected Products: linux_kernel
- EPSS Score: 0.07%
- Published: Dec. 28, 2015
- Modified: Apr. 12, 2025
-
5.4
MEDIUM CVE-2013-7446
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls....
- Affected Products: linux_kernel
- EPSS Score: 0.01%
- Published: Dec. 28, 2015
- Modified: Apr. 12, 2025
-
6.1
MEDIUM CVE-2015-7783
Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
- Affected Products: pbbs
- EPSS Score: 0.32%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
5.3
MEDIUM CVE-2015-7665
Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, ...
- Affected Products: tails
- EPSS Score: 0.48%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICAL CVE-2015-6538
The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL....
- Affected Products: cardio_server
- EPSS Score: 0.77%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICAL CVE-2015-6537
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL....
- Affected Products: cardio_server
- EPSS Score: 1.05%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
8.6
HIGH CVE-2015-8263
NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port....
- EPSS Score: 0.28%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2015-8262
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value....
- EPSS Score: 0.28%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
5.9
MEDIUM CVE-2015-8254
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data...
- Affected Products: frontel_protocol
- EPSS Score: 0.11%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-8253
The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network....
- Affected Products: frontel_protocol
- EPSS Score: 0.31%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
5.9
MEDIUM CVE-2015-8252
The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number....
- Affected Products: frontel_protocol
- EPSS Score: 0.75%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
6.9
MEDIUM CVE-2015-6005
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names fiel...
- EPSS Score: 0.20%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
6.5
MEDIUM CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device param...
- EPSS Score: 16.90%
- Published: Dec. 27, 2015
- Modified: Apr. 12, 2025
-
5.3
MEDIUM CVE-2015-8669
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message....
- Affected Products: phpmyadmin
- EPSS Score: 0.42%
- Published: Dec. 26, 2015
- Modified: Apr. 12, 2025
-
5.9
MEDIUM CVE-2015-6409
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419....
- Affected Products: jabber
- EPSS Score: 0.26%
- Published: Dec. 26, 2015
- Modified: Apr. 12, 2025
-
8.8
HIGH CVE-2015-8664
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array wit...
- Affected Products: chrome
- EPSS Score: 8.84%
- Published: Dec. 24, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGH CVE-2015-6792
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manage...
- Affected Products: chrome
- EPSS Score: 19.70%
- Published: Dec. 24, 2015
- Modified: Apr. 12, 2025
-
8.3
HIGH CVE-2015-8663
The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact vi...
- Affected Products: ffmpeg
- EPSS Score: 0.68%
- Published: Dec. 24, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGH CVE-2015-8662
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-...
- Affected Products: ffmpeg
- EPSS Score: 0.68%
- Published: Dec. 24, 2015
- Modified: Apr. 12, 2025
-
8.3
HIGH CVE-2015-8661
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds arra...
- Affected Products: ffmpeg
- EPSS Score: 0.68%
- Published: Dec. 24, 2015
- Modified: Apr. 12, 2025