Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-7906

    LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.... Read more

    • EPSS Score: %0.38
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7413

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.27
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2015-6481

    The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.... Read more

    Affected Products : oncell_central_manager
    • EPSS Score: %0.25
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2015-6480

    The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action.... Read more

    Affected Products : oncell_central_manager
    • EPSS Score: %0.25
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5001

    IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted doc... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.65
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-4998

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.27
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-4993

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.23
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1836

    Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to caus... Read more

    Affected Products : infosphere_biginsights hbase
    • EPSS Score: %2.14
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 7.3

    HIGH
    CVE-2015-1772

    The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allow... Read more

    Affected Products : hive infosphere_biginsights
    • EPSS Score: %0.16
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6934

    Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a cr... Read more

    • EPSS Score: %2.06
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7756

    The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before ... Read more

    Affected Products : screenos
    • EPSS Score: %0.40
    • Published: Dec. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7755

    Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r... Read more

    Affected Products : screenos
    • EPSS Score: %87.09
    • Published: Dec. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6429

    The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.... Read more

    Affected Products : ios_xe ios
    • EPSS Score: %0.47
    • Published: Dec. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2015-6556

    EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.... Read more

    Affected Products : endpoint_encryption
    • EPSS Score: %0.16
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6428

    Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.... Read more

    • EPSS Score: %0.10
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6427

    Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.40
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6426

    Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.... Read more

    Affected Products : prime_network_services_controller
    • EPSS Score: %0.11
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6424

    The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.... Read more

    • EPSS Score: %0.09
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-8602

    The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inse... Read more

    Affected Products : token_insert_entity
    • EPSS Score: %0.12
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-8601

    The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via ... Read more

    Affected Products : chat_room
    • EPSS Score: %0.14
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291537 Results