Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-6007

    Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users.... Read more

    Affected Products : refbase
    • EPSS Score: %0.10
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-3974

    EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacifi... Read more

    • EPSS Score: %0.43
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-9202

    Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.27
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6475

    Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : danfoss_tlx_pro\+ servemaster_tlp\+
    • EPSS Score: %0.49
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6474

    IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code.... Read more

    Affected Products : danfoss_tlx_pro\+ servemaster_tlp\+
    • EPSS Score: %0.36
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-6470

    Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors.... Read more

    Affected Products : data_manager
    • EPSS Score: %0.17
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6469

    The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors.... Read more

    Affected Products : danfoss_tlx_pro\+ servemaster_tlp\+
    • EPSS Score: %0.36
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6468

    Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : data_manager
    • EPSS Score: %0.06
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6454

    Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service (incorrect pointer dereference and daemon crash) via a crafted packet.... Read more

    Affected Products : peakhmi
    • EPSS Score: %0.84
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6306

    Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.... Read more

    • EPSS Score: %3.55
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6305

    Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current workin... Read more

    • EPSS Score: %2.64
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6302

    The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.... Read more

    • EPSS Score: %0.46
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6282

    Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID... Read more

    Affected Products : ios_xe ios_xe
    • EPSS Score: %0.41
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4543

    EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields.... Read more

    Affected Products : rsa_archer_grc
    • EPSS Score: %0.46
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-4542

    EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors.... Read more

    Affected Products : rsa_archer_grc
    • EPSS Score: %0.48
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4541

    Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rsa_archer_grc
    • EPSS Score: %0.34
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4540

    Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.22
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4539

    Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.31
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7375

    Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file.... Read more

    Affected Products : web_studio indusoft_web_studio
    • EPSS Score: %1.27
    • Published: Sep. 25, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7374

    The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649.... Read more

    Affected Products : web_studio indusoft_web_studio
    • EPSS Score: %1.37
    • Published: Sep. 25, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results