Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2015-1775

    Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.... Read more

    Affected Products : ambari
    • EPSS Score: %0.34
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6354

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.28
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6353

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.28
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6343

    The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.... Read more

    Affected Products : ios
    • EPSS Score: %0.68
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6033

    Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.... Read more

    Affected Products : iq_panel
    • EPSS Score: %0.13
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6032

    Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.... Read more

    Affected Products : iq_panel
    • EPSS Score: %0.51
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-5667

    Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.... Read more

    Affected Products : html-scrubber
    • EPSS Score: %0.48
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8030

    SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %2.33
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8029

    SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %2.23
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8028

    Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %9.54
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7972

    The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allow... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7971

    Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which ar... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-7970

    The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents... Read more

    Affected Products : xen
    • EPSS Score: %0.12
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-7969

    Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using t... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-7835

    The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.... Read more

    Affected Products : xen
    • EPSS Score: %0.12
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2015-7814

    Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENME... Read more

    Affected Products : xen
    • EPSS Score: %0.08
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7813

    Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly... Read more

    Affected Products : xen
    • EPSS Score: %0.11
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6352

    Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCu... Read more

    • EPSS Score: %0.28
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6351

    Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.... Read more

    • EPSS Score: %0.47
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6350

    SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.... Read more

    Affected Products : prime_service_catalog
    • EPSS Score: %0.29
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291623 Results