Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-7830

    The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application cras... Read more

    Affected Products : wireshark solaris
    • EPSS Score: %0.57
    • Published: Nov. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2015-3977

    Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HART reply.... Read more

    Affected Products : imt25_magnetic_flow_dtm
    • EPSS Score: %0.13
    • Published: Nov. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7774

    PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role.... Read more

    Affected Products : php pwebmanager
    • EPSS Score: %0.50
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7427

    IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easie... Read more

    Affected Products : datapower_gateway
    • EPSS Score: %0.22
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-7419

    IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.94
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-7404

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for ... Read more

    • EPSS Score: %0.03
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6367

    Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374.... Read more

    • EPSS Score: %0.43
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6365

    Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303... Read more

    Affected Products : ios
    • EPSS Score: %0.18
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6364

    Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960.... Read more

    • EPSS Score: %0.25
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2013-5229

    The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restri... Read more

    Affected Products : mac_os_x apple_remote_desktop
    • EPSS Score: %0.06
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8126

    Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial o... Read more

    • EPSS Score: %4.76
    • Published: Nov. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7905

    Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.... Read more

    Affected Products : visilogic_oplc_ide
    • EPSS Score: %12.79
    • Published: Nov. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6478

    Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.... Read more

    Affected Products : visilogic_oplc_ide
    • EPSS Score: %2.60
    • Published: Nov. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6366

    Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.... Read more

    Affected Products : ios
    • EPSS Score: %0.36
    • Published: Nov. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6045

    Use-after-free vulnerability in the CElement object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript that improperly interacts with u... Read more

    Affected Products : internet_explorer
    • EPSS Score: %34.44
    • Published: Nov. 13, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-2698

    The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption)... Read more

    Affected Products : kerberos_5 kerberos
    • EPSS Score: %1.17
    • Published: Nov. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-8113

    Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incom... Read more

    Affected Products : endpoint_protection
    • EPSS Score: %0.24
    • Published: Nov. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-7820

    Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.j... Read more

    • EPSS Score: %0.21
    • Published: Nov. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7819

    The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly... Read more

    • EPSS Score: %0.22
    • Published: Nov. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-7818

    The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deploym... Read more

    • EPSS Score: %0.05
    • Published: Nov. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291295 Results