Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2015-6851

    EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.

    Affected Products : securid_web_agent
    • EPSS Score: 0.05%
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2015-6471

    Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data...

    Affected Products : proview
    • EPSS Score: 0.42%
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-6431

    Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

    Affected Products : ios_xe ios_xe
    • EPSS Score: 0.30%
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025
  • 7.1

    HIGH
    CVE-2015-8373

    The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.

    Affected Products : kea
    • EPSS Score: 3.06%
    • Published: Dec. 22, 2015
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2015-4545

    EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.

    Affected Products : isilon_onefs isilon_onefs
    • EPSS Score: 0.28%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-8458

    Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and O...

    • EPSS Score: 3.44%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-7937

    Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.

    • EPSS Score: 4.68%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2015-7919

    SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.

    Affected Products : searchblox
    • EPSS Score: 0.57%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-7908

    Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.

    • EPSS Score: 0.29%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 8.6

    HIGH
    CVE-2015-7907

    Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or ...

    Affected Products : midas_black_firmware midas_firmware
    • EPSS Score: 0.30%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-7906

    LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.

    • EPSS Score: 0.38%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-7413

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

    Affected Products : websphere_portal
    • EPSS Score: 0.27%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 8.3

    HIGH
    CVE-2015-6481

    The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.

    Affected Products : oncell_central_manager
    • EPSS Score: 0.25%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 8.3

    HIGH
    CVE-2015-6480

    The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action.

    Affected Products : oncell_central_manager
    • EPSS Score: 0.25%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-5001

    IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted doc...

    Affected Products : websphere_portal
    • EPSS Score: 0.65%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2015-4998

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or...

    Affected Products : websphere_portal
    • EPSS Score: 0.27%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2015-4993

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or...

    Affected Products : websphere_portal
    • EPSS Score: 0.23%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-1836

    Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to caus...

    Affected Products : infosphere_biginsights hbase
    • EPSS Score: 2.14%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 7.3

    HIGH
    CVE-2015-1772

    The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allow...

    Affected Products : hive infosphere_biginsights
    • EPSS Score: 0.16%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6934

    Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a cr...

    • EPSS Score: 2.06%
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291647 Results