Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2015-1673

    The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevat... Read more

    Affected Products : .net_framework
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1672

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service V... Read more

    Affected Products : .net_framework
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1671

    The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 b... Read more

    • Actively Exploited
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1670

    The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font P... Read more

    Affected Products : .net_framework
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1658

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1706... Read more

    Affected Products : internet_explorer
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9160

    Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3981

    SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037.... Read more

    Affected Products : netweaver_rfc_sdk
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3980

    SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.... Read more

    Affected Products : customer_relationship_management
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3979

    Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.... Read more

    Affected Products : customer_relationship_management
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3978

    SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830.... Read more

    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3646

    OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone ... Read more

    Affected Products : solaris keystone
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3622

    The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.... Read more

    Affected Products : fedora opensuse libtasn1
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3620

    Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary ... Read more

    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3451

    The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.... Read more

    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2845

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.... Read more

    Affected Products : goadmin_ce
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2844

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.... Read more

    Affected Products : goadmin_ce
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2843

    Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_crede... Read more

    Affected Products : goadmin_ce
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2842

    Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable ex... Read more

    Affected Products : goadmin_ce
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-2829

    Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.... Read more

    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2668

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.... Read more

    Affected Products : ubuntu_linux clamav
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292796 Results