Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-9208

    Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %19.99
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6827

    Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php.... Read more

    Affected Products : auto-exchanger
    • EPSS Score: %0.22
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6584

    Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.... Read more

    Affected Products : datatables
    • EPSS Score: %0.26
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6681

    Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6680.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %2.56
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6680

    Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6681.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %9.40
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 8.2

    HIGH
    CVE-2015-2546

    The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted ... Read more

    • Actively Exploited
    • EPSS Score: %39.09
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2545

    Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."... Read more

    Affected Products : office
    • Actively Exploited
    • EPSS Score: %93.25
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2544

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vu... Read more

    Affected Products : exchange_server
    • EPSS Score: %8.12
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2543

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerabil... Read more

    Affected Products : exchange_server
    • EPSS Score: %8.12
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2542

    Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • EPSS Score: %14.83
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2541

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %14.83
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2536

    Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Pri... Read more

    • EPSS Score: %10.44
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2535

    Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vul... Read more

    • EPSS Score: %17.29
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-2534

    Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerabil... Read more

    • EPSS Score: %0.60
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2532

    Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability."... Read more

    Affected Products : lync_server
    • EPSS Score: %11.19
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2531

    Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server... Read more

    • EPSS Score: %15.20
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2530

    Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a cra... Read more

    • EPSS Score: %23.10
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2529

    The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability."... Read more

    • EPSS Score: %4.40
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-2528

    Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management ... Read more

    • EPSS Score: %1.55
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-2527

    The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows... Read more

    • EPSS Score: %15.25
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291564 Results