Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-6061

    Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Inpu... Read more

    • EPSS Score: %14.16
    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6038

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow re... Read more

    • EPSS Score: %40.82
    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2503

    Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, O... Read more

    • EPSS Score: %19.43
    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-2478

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application t... Read more

    • EPSS Score: %2.96
    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2427

    Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."... Read more

    Affected Products : internet_explorer
    • EPSS Score: %28.14
    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1302

    The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js a... Read more

    Affected Products : chrome
    • EPSS Score: %1.23
    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-8105

    Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.... Read more

    Affected Products : opensuse webmail
    • EPSS Score: %0.18
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-8025

    driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.... Read more

    Affected Products : ubuntu_linux xscreensaver
    • EPSS Score: %0.07
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7994

    The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.... Read more

    Affected Products : hana
    • EPSS Score: %1.82
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7993

    The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.... Read more

    Affected Products : hana
    • EPSS Score: %0.41
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-7992

    SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.... Read more

    Affected Products : hana
    • EPSS Score: %0.38
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7991

    The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854.... Read more

    Affected Products : hana
    • EPSS Score: %0.21
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7828

    SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6)... Read more

    Affected Products : hana
    • EPSS Score: %3.56
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5214

    LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file... Read more

    • EPSS Score: %29.52
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5213

    Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer ... Read more

    • EPSS Score: %7.58
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5212

    Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application ... Read more

    • EPSS Score: %44.54
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4551

    LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a c... Read more

    • EPSS Score: %8.00
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-8100

    The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.... Read more

    Affected Products : net-snmp
    • EPSS Score: %0.14
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6362

    The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640... Read more

    • EPSS Score: %0.11
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-5655

    The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : party_track_sdk
    • EPSS Score: %0.16
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291589 Results