Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-2136

    HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.... Read more

    Affected Products : arcsight_logger
    • EPSS Score: %0.14
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-5426

    Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.... Read more

    Affected Products : loadrunner
    • EPSS Score: %0.10
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6949

    Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.... Read more

    Affected Products : tm-1900
    • EPSS Score: %6.02
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6948

    Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document.... Read more

    Affected Products : wordperfect
    • EPSS Score: %2.40
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6946

    Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the serv... Read more

    Affected Products : accurev
    • EPSS Score: %26.20
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6945

    Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.... Read more

    Affected Products : jsp\/mysql_administrador_web
    • EPSS Score: %3.50
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6944

    Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp.... Read more

    Affected Products : jsp\/mysql_administrador_web
    • EPSS Score: %0.24
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2015-6943

    SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL command... Read more

    Affected Products : serendipity
    • EPSS Score: %0.25
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5472

    Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.... Read more

    Affected Products : ibs_mappro
    • EPSS Score: %0.93
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-4947

    Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote aut... Read more

    Affected Products : http_server
    • EPSS Score: %4.62
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4980

    Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors.... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.16
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1943

    IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted r... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.94
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9745

    The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.... Read more

    • EPSS Score: %2.68
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5998

    Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command.... Read more

    Affected Products : impero_education_pro
    • EPSS Score: %0.55
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5997

    Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data.... Read more

    Affected Products : impero_education_pro
    • EPSS Score: %0.41
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6830

    libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct ... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %30.43
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6290

    Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.... Read more

    • EPSS Score: %0.48
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6288

    Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620... Read more

    • EPSS Score: %0.71
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6287

    Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.... Read more

    • EPSS Score: %0.72
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2015-6286

    Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016.... Read more

    • EPSS Score: %0.17
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291647 Results