Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-3612

    The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an... Read more

    Affected Products : activemq
    • EPSS Score: %0.67
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5566

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to exe... Read more

    • EPSS Score: %6.38
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6565

    sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape... Read more

    Affected Products : openssh
    • EPSS Score: %0.43
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-6564

    Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_... Read more

    Affected Products : openssh
    • EPSS Score: %4.75
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-6563

    The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction... Read more

    Affected Products : openssh mac_os_x
    • EPSS Score: %0.09
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-2908

    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.... Read more

    Affected Products : c4_obd-ii_dongle_firmware
    • EPSS Score: %0.96
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-2907

    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required user... Read more

    Affected Products : c4_obd-ii_dongle_firmware
    • EPSS Score: %0.64
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-2906

    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain... Read more

    Affected Products : c4_obd-ii_dongle_firmware
    • EPSS Score: %0.64
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2905

    Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users.... Read more

    • EPSS Score: %0.10
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2015-2904

    Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.... Read more

    • EPSS Score: %0.18
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-2873

    Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information o... Read more

    Affected Products : deep_discovery_inspector
    • EPSS Score: %2.98
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2872

    Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions al... Read more

    Affected Products : deep_discovery_inspector
    • EPSS Score: %3.02
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2018

    IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspec... Read more

    • EPSS Score: %0.15
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4950

    The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for M... Read more

    • EPSS Score: %0.25
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-1992

    IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors.... Read more

    Affected Products : systems_director
    • EPSS Score: %0.05
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6557

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before ... Read more

    • EPSS Score: %0.05
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-4949

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 pla... Read more

    • EPSS Score: %0.06
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2015

    Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.... Read more

    Affected Products : domino
    • EPSS Score: %0.24
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-2014

    Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted... Read more

    Affected Products : domino
    • EPSS Score: %0.20
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2015-5408

    HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2... Read more

    • EPSS Score: %0.12
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291551 Results