Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2015-4129

    SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.... Read more

    Affected Products : subrion_cms
    • EPSS Score: %0.87
    • Published: Jul. 05, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-0544

    EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.... Read more

    Affected Products : secure_remote_services
    • EPSS Score: %0.61
    • Published: Jul. 05, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-0543

    EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : secure_remote_services
    • EPSS Score: %0.13
    • Published: Jul. 05, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4453

    interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpi... Read more

    Affected Products : openemr
    • EPSS Score: %40.87
    • Published: Jul. 05, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2964

    NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header.... Read more

    Affected Products : namshi\/jose
    • EPSS Score: %0.45
    • Published: Jul. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-4524

    Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital... Read more

    • EPSS Score: %0.90
    • Published: Jul. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1966

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inj... Read more

    Affected Products : tivoli_federated_identity_manager
    • EPSS Score: %0.37
    • Published: Jul. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0551

    Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Docum... Read more

    • EPSS Score: %0.16
    • Published: Jul. 04, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-4525

    The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified ve... Read more

    Affected Products : isilon_onefs isilon_onefs
    • EPSS Score: %0.63
    • Published: Jul. 04, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4196

    Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an S... Read more

    • EPSS Score: %0.24
    • Published: Jul. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0548

    The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrict... Read more

    Affected Products : documentum_d2
    • EPSS Score: %0.16
    • Published: Jul. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0547

    The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restricti... Read more

    Affected Products : documentum_d2
    • EPSS Score: %0.16
    • Published: Jul. 04, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-4239

    Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.... Read more

    • EPSS Score: %0.50
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-4237

    The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv0844... Read more

    • EPSS Score: %0.22
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-4234

    Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.... Read more

    Affected Products : nx-os nx-os
    • EPSS Score: %0.12
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-4232

    Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.... Read more

    • EPSS Score: %0.28
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-4231

    The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.... Read more

    Affected Products : nx-os nexus_7000 nexus_7700
    • EPSS Score: %0.11
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.8

    MEDIUM
    CVE-2015-3728

    The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.19
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3727

    WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's... Read more

    Affected Products : mac_os_x iphone_os safari
    • EPSS Score: %0.94
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-3726

    The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.33
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291002 Results