Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.3

    HIGH
    CVE-2015-8663

    The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact vi... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.68
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8662

    The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.68
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2015-8661

    The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds arra... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.68
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2015-7934

    The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.... Read more

    • EPSS Score: %0.27
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2015-7932

    Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    • EPSS Score: %0.30
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 8.7

    HIGH
    CVE-2015-7931

    The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the la... Read more

    • EPSS Score: %0.17
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2015-7930

    Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.... Read more

    • EPSS Score: %0.92
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2015-8267

    The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.... Read more

    Affected Products : ad_self_password_reset
    • EPSS Score: %0.58
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7929

    eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %1.83
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-7928

    eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.44
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-7927

    Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.54
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.9

    CRITICAL
    CVE-2015-7926

    eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.91
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2015-7925

    Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.21
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-7924

    eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %3.04
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7936

    Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.... Read more

    Affected Products : moscad_ip_gateway_firmware
    • EPSS Score: %0.16
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7935

    Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : moscad_ip_gateway_firmware
    • EPSS Score: %0.73
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-7917

    Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : opc_systems.net opcsystems.net
    • EPSS Score: %0.05
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7911

    Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote att... Read more

    • EPSS Score: %0.89
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6851

    EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.... Read more

    Affected Products : securid_web_agent
    • EPSS Score: %0.05
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-6471

    Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data... Read more

    Affected Products : proview
    • EPSS Score: %0.42
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291625 Results