Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2015-4947

    Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote aut... Read more

    Affected Products : http_server
    • EPSS Score: %4.62
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4980

    Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors.... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.16
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1943

    IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted r... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.94
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9745

    The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.... Read more

    • EPSS Score: %2.68
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5998

    Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command.... Read more

    Affected Products : impero_education_pro
    • EPSS Score: %0.55
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5997

    Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data.... Read more

    Affected Products : impero_education_pro
    • EPSS Score: %0.41
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6830

    libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct ... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %30.43
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6290

    Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.... Read more

    • EPSS Score: %0.48
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6288

    Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620... Read more

    • EPSS Score: %0.71
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6287

    Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.... Read more

    • EPSS Score: %0.72
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2015-6286

    Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016.... Read more

    • EPSS Score: %0.17
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-6285

    Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.... Read more

    • EPSS Score: %0.44
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4499

    Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain n... Read more

    Affected Products : bugzilla
    • EPSS Score: %2.07
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2013

    IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.... Read more

    Affected Products : websphere_mq
    • EPSS Score: %0.59
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5630

    Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID.... Read more

    Affected Products : japan_connected-free_wi-fi
    • EPSS Score: %0.31
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5629

    The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.... Read more

    Affected Products : japan_connected-free_wi-fi
    • EPSS Score: %0.40
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-6921

    Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : zendesk_feedback_tab
    • EPSS Score: %0.32
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6920

    Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.... Read more

    Affected Products : sourceafrica
    • EPSS Score: %2.49
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6919

    Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php.... Read more

    Affected Products : googlesearch
    • EPSS Score: %0.22
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-7216

    Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.... Read more

    Affected Products : messenger
    • EPSS Score: %5.59
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291558 Results