Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-7373

    Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.26
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7372

    Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %1.95
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7371

    Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.73
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7370

    Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 be... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.45
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7369

    The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.84
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7368

    Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.06
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7367

    Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.66
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-7366

    Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled c... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.23
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7365

    Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.26
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-7364

    The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.17
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6059

    The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Eng... Read more

    Affected Products : internet_explorer vbscript jscript
    • EPSS Score: %25.22
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6058

    Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."... Read more

    Affected Products : edge
    • EPSS Score: %18.96
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6057

    Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."... Read more

    Affected Products : edge
    • EPSS Score: %21.10
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6056

    The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerab... Read more

    Affected Products : internet_explorer vbscript jscript
    • EPSS Score: %30.10
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6055

    The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter ... Read more

    Affected Products : internet_explorer vbscript jscript
    • EPSS Score: %44.44
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6053

    Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka "Internet Explorer Information Disclosure Vulnerability."... Read more

    Affected Products : internet_explorer
    • EPSS Score: %27.87
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6052

    The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR... Read more

    Affected Products : internet_explorer vbscript jscript
    • EPSS Score: %21.43
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6051

    Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."... Read more

    Affected Products : internet_explorer
    • EPSS Score: %11.06
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6050

    Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."... Read more

    Affected Products : internet_explorer
    • EPSS Score: %30.10
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6049

    Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %21.13
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291804 Results