Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2015-5407

    HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2... Read more

    • EPSS Score: %0.12
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-5406

    HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2... Read more

    • EPSS Score: %0.36
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4938

    IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.38
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2137

    Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : operations_manager_i
    • EPSS Score: %22.00
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2015-2132

    Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.... Read more

    Affected Products : hp-ux operations_manager_i
    • EPSS Score: %0.05
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1932

    IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by rea... Read more

    • EPSS Score: %0.32
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-1972

    Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized ... Read more

    Affected Products : tapestry
    • EPSS Score: %8.82
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2983

    Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users.... Read more

    Affected Products : photo_gallery_cms_free
    • EPSS Score: %0.13
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2982

    Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input... Read more

    Affected Products : photo_gallery_cms_free
    • EPSS Score: %0.32
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4537

    Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.... Read more

    Affected Products : documentum_d2
    • EPSS Score: %0.18
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2984

    I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.... Read more

    Affected Products : wn-g54\/r2_firmware wn-g54\/r2
    • EPSS Score: %0.60
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6258

    The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.... Read more

    • EPSS Score: %0.21
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6256

    Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820.... Read more

    Affected Products : asr_5000_series_software
    • EPSS Score: %0.46
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4331

    Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID C... Read more

    Affected Products : prime_infrastructure
    • EPSS Score: %0.16
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6530

    Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.... Read more

    Affected Products : secure_mft_2013 secure_mft_2014
    • EPSS Score: %0.25
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6529

    Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.... Read more

    Affected Products : phpipam
    • EPSS Score: %0.29
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6528

    Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver... Read more

    Affected Products : coppermine_photo_gallery
    • EPSS Score: %0.22
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3219

    Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter i... Read more

    Affected Products : debian_linux solaris horizon horizon
    • EPSS Score: %0.41
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4318

    Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528.... Read more

    • EPSS Score: %0.54
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4536

    EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading thi... Read more

    Affected Products : documentum_content_server
    • EPSS Score: %0.20
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291551 Results