Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-3811

    epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted pac... Read more

    Affected Products : wireshark linux solaris
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-3810

    epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.... Read more

    Affected Products : wireshark
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-3809

    The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted pa... Read more

    Affected Products : wireshark
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-3808

    The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.... Read more

    Affected Products : wireshark
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0986

    Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.... Read more

    Affected Products : vport_activex_sdk_plus
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4092

    Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.... Read more

    Affected Products : afaria
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4091

    XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Sec... Read more

    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-1013

    OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements.... Read more

    Affected Products : pi_server pi_sql_for_af
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-1008

    SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input.... Read more

    Affected Products : ams_device_manager
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0962

    Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle at... Read more

    Affected Products : web_filter
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0961

    Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : web_filter
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8147

    The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows r... Read more

    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8146

    The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remot... Read more

    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2946

    Stack-based buffer overflow in the Open CAD Format Council SXF common library before 3.30 allows remote attackers to execute arbitrary code via a crafted CAD file.... Read more

    Affected Products : sxf_common_library
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-2694

    The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zer... Read more

    Affected Products : kerberos_5 kerberos
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0935

    Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts.... Read more

    Affected Products : remote_support
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-0540

    SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : document_sciences_xpression
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2945

    mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2... Read more

    Affected Products : mt-phpincgi
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-2123

    Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access.... Read more

    Affected Products : nonstop_safeguard_security
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-2121

    HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569.... Read more

    Affected Products : network_virtualization
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292795 Results