Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-2898

    Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the F... Read more

    Affected Products : medcin_engine
    • EPSS Score: %13.00
    • Published: Oct. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7649

    Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %6.40
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-6034

    EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file.... Read more

    Affected Products : network_utility
    • EPSS Score: %0.04
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8912

    IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information ... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.22
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7904

    Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.... Read more

    Affected Products : mango_automation
    • EPSS Score: %2.86
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7903

    SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : mango_automation
    • EPSS Score: %0.26
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7902

    Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.... Read more

    Affected Products : mango_automation
    • EPSS Score: %7.59
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7901

    Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : mango_automation
    • EPSS Score: %2.82
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7900

    Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.... Read more

    Affected Products : mango_automation
    • EPSS Score: %6.59
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7873

    The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.53
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-7836

    Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.... Read more

    Affected Products : ruggedcom_rugged_operating_system
    • EPSS Score: %0.27
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6494

    Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mango_automation
    • EPSS Score: %0.42
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6493

    Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : mango_automation
    • EPSS Score: %0.18
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6492

    Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.... Read more

    • EPSS Score: %9.57
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6491

    Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.... Read more

    • EPSS Score: %0.57
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6490

    Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %0.92
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6488

    Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.36
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6486

    SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    • EPSS Score: %0.05
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5713

    Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to ob... Read more

    • EPSS Score: %0.31
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-5712

    Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated u... Read more

    • EPSS Score: %0.20
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291756 Results