Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-7840

    The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature.... Read more

    Affected Products : log_and_event_manager
    • EPSS Score: %19.52
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7839

    SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.... Read more

    Affected Products : log_and_event_manager
    • EPSS Score: %8.61
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7838

    ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.... Read more

    Affected Products : storage_manager
    • EPSS Score: %16.42
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7730

    SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.... Read more

    • EPSS Score: %1.88
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7729

    Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.... Read more

    Affected Products : hana
    • EPSS Score: %0.48
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7728

    Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security No... Read more

    Affected Products : hana
    • EPSS Score: %0.18
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7727

    Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or... Read more

    Affected Products : hana
    • EPSS Score: %0.60
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7726

    Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 215389... Read more

    Affected Products : hana
    • EPSS Score: %0.18
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7725

    Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecif... Read more

    Affected Products : hana
    • EPSS Score: %1.01
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7361

    FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain... Read more

    Affected Products : fortios
    • EPSS Score: %0.74
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6507

    The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700.... Read more

    Affected Products : hana
    • EPSS Score: %0.06
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7834

    Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome v8
    • EPSS Score: %0.19
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7645

    Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.... Read more

    • Actively Exploited
    • EPSS Score: %84.84
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6763

    Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome
    • EPSS Score: %10.17
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6762

    The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL a... Read more

    Affected Products : chrome
    • EPSS Score: %0.70
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6761

    The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a ... Read more

    Affected Products : chrome ffmpeg
    • EPSS Score: %1.46
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6760

    The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write)... Read more

    Affected Products : chrome
    • EPSS Score: %1.03
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6759

    The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtai... Read more

    Affected Products : chrome
    • EPSS Score: %0.80
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6758

    The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of servic... Read more

    Affected Products : chrome
    • EPSS Score: %0.96
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6757

    Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other imp... Read more

    Affected Products : chrome
    • EPSS Score: %1.58
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291736 Results