Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-5443

    HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : 3par_service_processor_sp
    • EPSS Score: %0.21
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-4325

    The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the roo... Read more

    • EPSS Score: %0.09
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-4265

    Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.... Read more

    • EPSS Score: %0.06
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2342

    The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.... Read more

    Affected Products : vcenter_server
    • EPSS Score: %92.03
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1047

    vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.... Read more

    Affected Products : vcenter_server
    • EPSS Score: %2.92
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.3

    MEDIUM
    CVE-2015-6263

    The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.... Read more

    Affected Products : ios
    • EPSS Score: %0.30
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-4548

    EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file.... Read more

    • EPSS Score: %0.08
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4547

    EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file.... Read more

    • EPSS Score: %0.51
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1304

    object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.... Read more

    Affected Products : chrome
    • EPSS Score: %1.94
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1303

    bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a craft... Read more

    Affected Products : chrome
    • EPSS Score: %1.26
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5659

    SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : shimane_prefecture_cms
    • EPSS Score: %0.52
    • Published: Oct. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5654

    Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : dojo
    • EPSS Score: %0.30
    • Published: Oct. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5648

    SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : phprechnung
    • EPSS Score: %0.34
    • Published: Oct. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4929

    IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request.... Read more

    Affected Products : license_metric_tool
    • EPSS Score: %0.14
    • Published: Oct. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7768

    Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.... Read more

    Affected Products : ftp_utility
    • EPSS Score: %69.30
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7767

    Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.... Read more

    Affected Products : ftp_utility
    • EPSS Score: %6.43
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-7766

    PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."... Read more

    Affected Products : manageengine_opmanager
    • EPSS Score: %77.55
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-7765

    ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.... Read more

    Affected Products : manageengine_opmanager
    • EPSS Score: %80.85
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5235

    IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.... Read more

    • EPSS Score: %0.94
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5234

    IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page,... Read more

    • EPSS Score: %0.92
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291756 Results