Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.4

MEDIUM

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server...

Affected Products : ubuntu_linux debian_linux samba
Published: Dec. 29, 2015

Modified: Apr. 12, 2025
5.4

MEDIUM

CVE-2021-20749

Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitra...

Affected Products : fudousan_plugin fudousan_plugin_pro_multi-user fudousan_plugin_pro_single-user
Published: Jun. 28, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2015-3612

A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page....

Affected Products : fortimanager
Published: Feb. 04, 2020

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20681

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors....

Affected Products : basercms
Published: Mar. 26, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20654

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site....

Affected Products : wekan
Published: Feb. 10, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2015-0284

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerab...

Affected Products : satellite spacewalk-java
Published: Apr. 14, 2016

Modified: Apr. 12, 2025
5.4

MEDIUM

CVE-2021-20553

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr...

Affected Products : sterling_b2b_integrator
Published: Dec. 19, 2024

Modified: Mar. 06, 2025
5.4

MEDIUM

CVE-2021-20549

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se...

Affected Products : linux_kernel aix content_navigator windows
Published: Apr. 27, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20528

IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

Affected Products : control_center
Published: May. 19, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20520

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...

Affected Products : rational_engineering_lifecycle_manager rational_team_concert engineering_requirements_quality_assistant_on-premises engineering_insights engineering_lifecycle_management engineering_workflow_management engineering_lifecycle_optimization
Published: Mar. 30, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20519

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...

Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management doors_next engineering_insights engineering_lifecycle_management +5 more products
Published: Apr. 12, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20504

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...

Affected Products : rational_engineering_lifecycle_manager rational_team_concert engineering_requirements_quality_assistant_on-premises engineering_insights engineering_lifecycle_management engineering_workflow_management engineering_lifecycle_optimization
Published: Mar. 30, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20421

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitat...

Affected Products : linux_kernel windows jazz_team_server
Published: Jun. 24, 2022

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20368

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus...

Affected Products : cloud_pak_for_applications
Published: Jul. 13, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20366

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus...

Affected Products : cloud_pak_for_applications
Published: Jul. 13, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20362

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus...

Affected Products : cloud_pak_for_applications
Published: Jul. 13, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20338

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...

Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20351

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management
Published: Mar. 04, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20365

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus...

Affected Products : cloud_pak_for_applications
Published: Jul. 13, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-20340

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management
Published: Mar. 04, 2021

Modified: Nov. 21, 2024

Showing 20 of 294519 Results

Browse by Apps

Latest CVE Feed

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable