Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-1676

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR p... Read more

    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1675

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows ... Read more

    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-1674

    The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover th... Read more

    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1673

    The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevat... Read more

    Affected Products : .net_framework
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1672

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service V... Read more

    Affected Products : .net_framework
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1671

    The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 b... Read more

    • Actively Exploited
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1670

    The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font P... Read more

    Affected Products : .net_framework
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1658

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1706... Read more

    Affected Products : internet_explorer
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9160

    Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3981

    SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037.... Read more

    Affected Products : netweaver_rfc_sdk
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3980

    SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.... Read more

    Affected Products : customer_relationship_management
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3979

    Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.... Read more

    Affected Products : customer_relationship_management
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3978

    SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830.... Read more

    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3646

    OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone ... Read more

    Affected Products : solaris keystone
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3622

    The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.... Read more

    Affected Products : fedora opensuse libtasn1
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3620

    Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary ... Read more

    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3451

    The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.... Read more

    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2845

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.... Read more

    Affected Products : goadmin_ce
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2844

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.... Read more

    Affected Products : goadmin_ce
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2843

    Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_crede... Read more

    Affected Products : goadmin_ce
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292879 Results