Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-6783

    The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signatu... Read more

    Affected Products : android chrome
    • EPSS Score: %0.25
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6782

    The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibo... Read more

    Affected Products : chrome
    • EPSS Score: %0.78
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6781

    Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or le... Read more

    Affected Products : chrome
    • EPSS Score: %1.72
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6780

    Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site, related to browser/ui/views/website_set... Read more

    Affected Products : chrome
    • EPSS Score: %1.16
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6779

    PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://... Read more

    Affected Products : chrome
    • EPSS Score: %0.60
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6778

    The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a P... Read more

    Affected Products : chrome
    • EPSS Score: %1.34
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6777

    Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possi... Read more

    Affected Products : chrome
    • EPSS Score: %1.58
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6776

    The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 ... Read more

    Affected Products : chrome
    • EPSS Score: %1.64
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6775

    fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion.... Read more

    Affected Products : chrome
    • EPSS Score: %1.22
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6774

    Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified o... Read more

    Affected Products : chrome
    • EPSS Score: %1.34
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6773

    The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impa... Read more

    Affected Products : chrome
    • EPSS Score: %1.72
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6772

    The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that ... Read more

    Affected Products : chrome
    • EPSS Score: %1.23
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6771

    js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecifi... Read more

    Affected Products : chrome
    • EPSS Score: %2.20
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6770

    The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.... Read more

    Affected Products : chrome
    • EPSS Score: %0.96
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6769

    The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing.... Read more

    Affected Products : chrome
    • EPSS Score: %1.23
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6768

    The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.... Read more

    Affected Products : chrome
    • EPSS Score: %0.96
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6767

    Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leve... Read more

    Affected Products : chrome
    • EPSS Score: %1.58
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6766

    Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob ... Read more

    Affected Products : chrome
    • EPSS Score: %1.72
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6765

    Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs.... Read more

    Affected Products : chrome
    • EPSS Score: %4.71
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-6764

    The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-... Read more

    Affected Products : debian_linux chrome node.js
    • EPSS Score: %18.79
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291358 Results