Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-0779

    Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR fil... Read more

    Affected Products : zenworks_configuration_management
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7810

    The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to ... Read more

    Affected Products : debian_linux hp-ux tomcat
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-0230

    Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (threa... Read more

    Affected Products : tomcat virtualization
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-5324

    Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted direc... Read more

    Affected Products : zenworks_configuration_management
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-5323

    Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter i... Read more

    Affected Products : zenworks_configuration_management
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2125

    Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.... Read more

    Affected Products : webinspect
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0770

    CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSC... Read more

    Affected Products : telepresence_tc_software
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-0767

    Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132.... Read more

    Affected Products : edge_340_firmware edge_340
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0112

    Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5... Read more

    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8887

    IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via un... Read more

    Affected Products : marketing_operations
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-6222

    Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a ..... Read more

    Affected Products : marketing_operations
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6175

    Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : marketing_operations
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3950

    Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.... Read more

    Affected Products : 442sr_os 442sr
    • Published: Jun. 05, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2951

    JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.... Read more

    Affected Products : jwt
    • Published: Jun. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-2950

    Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename.... Read more

    Affected Products : open_explorer_beta
    • Published: Jun. 05, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-2124

    Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.... Read more

    Affected Products : thinpro_linux smart_zero_core
    • Published: Jun. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1000

    Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter.... Read more

    Affected Products : softcms
    • Published: Jun. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-0541

    Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users.... Read more

    • Published: Jun. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-9201

    Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-628... Read more

    • Published: Jun. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0766

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka B... Read more

    Affected Products : firesight_system_software
    • Published: Jun. 04, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293352 Results