Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2015-2167

    Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-...

    • EPSS Score: 0.22%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-2166

    Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI....

    • EPSS Score: 73.60%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-2165

    Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate...

    • EPSS Score: 0.28%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-1843

    The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image...

    Affected Products : docker
    • EPSS Score: 1.12%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2015-1602

    Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging th...

    Affected Products : simatic_step_7
    • EPSS Score: 0.06%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-1601

    Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors....

    Affected Products : simatic_step_7
    • EPSS Score: 0.40%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-0877

    Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name....

    Affected Products : c-board_moyuku
    • EPSS Score: 1.59%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-1893

    The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors....

    • EPSS Score: 0.82%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2015-1890

    /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attacke...

    Affected Products : general_parallel_file_system
    • EPSS Score: 0.15%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-0179

    Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V....

    Affected Products : lotus_domino domino
    • EPSS Score: 0.69%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-0134

    Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors....

    Affected Products : lotus_domino domino
    • EPSS Score: 19.25%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-0119

    FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port....

    Affected Products : tivoli_storage_manager_fastback
    • EPSS Score: 1.80%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-0117

    The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM....

    Affected Products : lotus_domino domino
    • EPSS Score: 13.68%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2014-6221

    The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat crypt...

    Affected Products : rational_clearcase
    • EPSS Score: 0.63%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-1465

    The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memor...

    Affected Products : linux_kernel ubuntu_linux
    • EPSS Score: 7.72%
    • Published: Apr. 05, 2015
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2015-0777

    drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from unin...

    Affected Products : linux_kernel xen
    • EPSS Score: 0.13%
    • Published: Apr. 05, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-0951

    X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request....

    Affected Products : x-cart
    • EPSS Score: 0.33%
    • Published: Apr. 05, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-0950

    Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter....

    Affected Products : x-cart
    • EPSS Score: 0.46%
    • Published: Apr. 05, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-0932

    The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write...

    • EPSS Score: 0.77%
    • Published: Apr. 05, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-0529

    EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session....

    Affected Products : powerpath_virtual_appliance
    • EPSS Score: 0.60%
    • Published: Apr. 05, 2015
    • Modified: Apr. 12, 2025