Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-29883

    IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by plan... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-2531

    Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server... Read more

    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5947

    The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote att... Read more

    Affected Products : firefox seamonkey
    • Published: Nov. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-1342

    IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457.... Read more

    Affected Products : insights_foundation_for_energy
    • Published: Dec. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-5803

    Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.... Read more

    Affected Products : nagios
    • Published: May. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-3033

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-6121

    An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and pot... Read more

    Affected Products : enterprise_linux
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1741

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1241

    An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.... Read more

    • Published: Oct. 25, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2011-3025

    Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Feb. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5721

    The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (a... Read more

    Affected Products : wireshark
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3767

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite_access_gate
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-29957

    If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.1... Read more

    Affected Products : thunderbird
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1633

    IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1107

    IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.... Read more

    Affected Products : marketing_platform
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1155

    IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.... Read more

    Affected Products : algo_one
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-2004

    Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM (component: Integration - Scripting). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with net... Read more

    Affected Products : siebel_crm server_bizlogic_script
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-2137

    ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-23001

    On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to up... Read more

    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1240

    IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.... Read more

    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293527 Results