Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2015-4993

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or...

    Affected Products : websphere_portal
    • EPSS Score: 0.23%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-1836

    Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to caus...

    Affected Products : infosphere_biginsights hbase
    • EPSS Score: 2.14%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 7.3

    HIGH
    CVE-2015-1772

    The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allow...

    Affected Products : hive infosphere_biginsights
    • EPSS Score: 0.16%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6934

    Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a cr...

    • EPSS Score: 2.06%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-7756

    The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before ...

    Affected Products : screenos
    • EPSS Score: 0.40%
    • Published: Dec. 19, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-7755

    Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r...

    Affected Products : screenos
    • EPSS Score: 87.09%
    • Published: Dec. 19, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-6429

    The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.

    Affected Products : ios_xe ios
    • EPSS Score: 0.47%
    • Published: Dec. 19, 2015
    • Modified: Apr. 12, 2025
  • 2.3

    LOW
    CVE-2015-6556

    EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.

    Affected Products : endpoint_encryption
    • EPSS Score: 0.16%
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-6428

    Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.

    • EPSS Score: 0.10%
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-6427

    Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.

    Affected Products : firesight_system_software
    • EPSS Score: 0.40%
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-6426

    Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.

    Affected Products : prime_network_services_controller
    • EPSS Score: 0.11%
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-6424

    The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.

    • EPSS Score: 0.09%
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2015-8602

    The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inse...

    Affected Products : token_insert_entity
    • EPSS Score: 0.12%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-8601

    The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via ...

    Affected Products : chat_room
    • EPSS Score: 0.14%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8600

    The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.

    Affected Products : mobile_platform
    • EPSS Score: 0.32%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8369

    SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.

    Affected Products : cacti
    • EPSS Score: 0.50%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 6.0

    MEDIUM
    CVE-2015-8368

    ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

    Affected Products : ntopng
    • EPSS Score: 3.20%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-8341

    The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and dis...

    Affected Products : xen
    • EPSS Score: 0.73%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.7

    MEDIUM
    CVE-2015-8340

    The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange...

    Affected Products : xen
    • EPSS Score: 0.07%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.7

    MEDIUM
    CVE-2015-8339

    The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardow...

    Affected Products : xen
    • EPSS Score: 0.10%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291551 Results