Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-8036

    Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session... Read more

    • EPSS Score: %0.92
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6031

    Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" X... Read more

    • EPSS Score: %3.23
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5534

    Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) condu... Read more

    Affected Products : oxwall
    • EPSS Score: %1.18
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5470

    The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a reques... Read more

    Affected Products : authoritative recursor
    • EPSS Score: %2.06
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5308

    Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champt... Read more

    Affected Products : wp-championship
    • EPSS Score: %0.92
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5291

    Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hos... Read more

    • EPSS Score: %1.70
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-5210

    Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.... Read more

    Affected Products : ambari
    • EPSS Score: %0.99
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-3270

    Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.... Read more

    Affected Products : ambari
    • EPSS Score: %1.02
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3186

    Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.... Read more

    Affected Products : ambari
    • EPSS Score: %0.20
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-1775

    Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.... Read more

    Affected Products : ambari
    • EPSS Score: %0.34
    • Published: Nov. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6354

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.28
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6353

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.28
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6343

    The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.... Read more

    Affected Products : ios
    • EPSS Score: %0.68
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6033

    Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.... Read more

    Affected Products : iq_panel
    • EPSS Score: %0.13
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6032

    Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.... Read more

    Affected Products : iq_panel
    • EPSS Score: %0.51
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-5667

    Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.... Read more

    Affected Products : html-scrubber
    • EPSS Score: %0.48
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8030

    SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %2.33
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8029

    SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %2.23
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8028

    Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %9.54
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7972

    The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allow... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291812 Results