Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2015-3959

    The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session t... Read more

    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3942

    Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-3940

    Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : wonderware_system_platform_2014
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4936

    Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4935

    Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CV... Read more

    Affected Products : tivoli_storage_manager_fastback
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4934

    Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CV... Read more

    Affected Products : tivoli_storage_manager_fastback
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4933

    Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CV... Read more

    Affected Products : tivoli_storage_manager_fastback
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4932

    Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CV... Read more

    Affected Products : tivoli_storage_manager_fastback
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4931

    Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, and CV... Read more

    Affected Products : tivoli_storage_manager_fastback
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1987

    IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958.... Read more

    Affected Products : websphere_mq_light
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1970

    The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.... Read more

    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1958

    IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987.... Read more

    Affected Products : websphere_mq_light
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1956

    IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987.... Read more

    Affected Products : websphere_mq_light
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1955

    IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data.... Read more

    Affected Products : websphere_mq_light
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-5623

    WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action... Read more

    Affected Products : debian_linux wordpress
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5622

    Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-inc... Read more

    Affected Products : debian_linux wordpress
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3440

    Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.... Read more

    Affected Products : debian_linux wordpress
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-5600

    The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks... Read more

    Affected Products : openssh
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5537

    The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerabil... Read more

    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5352

    The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions vi... Read more

    Affected Products : openssh
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294283 Results