Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2015-6331

    SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887.... Read more

    Affected Products : prime_collaboration_assurance
    • EPSS Score: %0.29
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6329

    SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.... Read more

    Affected Products : prime_collaboration_provisioning
    • EPSS Score: %0.30
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.6

    MEDIUM
    CVE-2015-6322

    The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.... Read more

    Affected Products : anyconnect_secure_mobility_client
    • EPSS Score: %0.09
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-6318

    Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-5647

    The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.... Read more

    Affected Products : garoon
    • EPSS Score: %0.66
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-5646

    Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.... Read more

    Affected Products : garoon
    • EPSS Score: %0.73
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-5443

    HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : 3par_service_processor_sp
    • EPSS Score: %0.21
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-4325

    The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the roo... Read more

    • EPSS Score: %0.09
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-4265

    Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.... Read more

    • EPSS Score: %0.06
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2342

    The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.... Read more

    Affected Products : vcenter_server
    • EPSS Score: %92.03
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1047

    vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.... Read more

    Affected Products : vcenter_server
    • EPSS Score: %2.92
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.3

    MEDIUM
    CVE-2015-6263

    The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.... Read more

    Affected Products : ios
    • EPSS Score: %0.30
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-4548

    EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file.... Read more

    • EPSS Score: %0.08
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4547

    EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file.... Read more

    • EPSS Score: %0.51
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1304

    object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.... Read more

    Affected Products : chrome
    • EPSS Score: %1.94
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1303

    bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a craft... Read more

    Affected Products : chrome
    • EPSS Score: %1.26
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5659

    SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : shimane_prefecture_cms
    • EPSS Score: %0.52
    • Published: Oct. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5654

    Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : dojo
    • EPSS Score: %0.30
    • Published: Oct. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5648

    SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : phprechnung
    • EPSS Score: %0.34
    • Published: Oct. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4929

    IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request.... Read more

    Affected Products : license_metric_tool
    • EPSS Score: %0.14
    • Published: Oct. 11, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291722 Results