Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-8383

    PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegEx... Read more

    • EPSS Score: %5.87
    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-8382

    The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information... Read more

    • EPSS Score: %1.77
    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8381

    The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|... Read more

    • EPSS Score: %9.05
    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8380

    The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular ex... Read more

    • EPSS Score: %1.24
    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2328

    PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expressi... Read more

    Affected Products : linux pcre
    • EPSS Score: %4.34
    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2327

    PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact... Read more

    • EPSS Score: %4.53
    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6386

    The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data tra... Read more

    Affected Products : web_security_appliance
    • EPSS Score: %0.44
    • Published: Dec. 01, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6385

    The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variab... Read more

    Affected Products : ios
    • EPSS Score: %0.06
    • Published: Dec. 01, 2015
    • Modified: Apr. 12, 2025

  • 9.7

    HIGH
    CVE-2015-8214

    A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), ... Read more

    • EPSS Score: %1.35
    • Published: Nov. 27, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-6848

    EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors.... Read more

    Affected Products : isilon_onefs isilon_onefs
    • EPSS Score: %0.37
    • Published: Nov. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8365

    The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of ser... Read more

    Affected Products : ubuntu_linux ffmpeg
    • EPSS Score: %0.62
    • Published: Nov. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8364

    Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecifie... Read more

    Affected Products : ubuntu_linux ffmpeg
    • EPSS Score: %0.67
    • Published: Nov. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8363

    The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of ... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.48
    • Published: Nov. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6857

    Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.... Read more

    Affected Products : performance_center loadrunner
    • EPSS Score: %2.30
    • Published: Nov. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6382

    Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815.... Read more

    Affected Products : asr_5000_series_software
    • EPSS Score: %0.47
    • Published: Nov. 26, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8103

    The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groo... Read more

    • EPSS Score: %90.56
    • Published: Nov. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5326

    Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.12
    • Published: Nov. 25, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5325

    Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.13
    • Published: Nov. 25, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5324

    Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.21
    • Published: Nov. 25, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5323

    Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.20
    • Published: Nov. 25, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291551 Results