Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-0850

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • EPSS Score: %0.17
    • Published: Mar. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2512

    Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : documentum_eroom
    • EPSS Score: %0.30
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0874

    Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.... Read more

    Affected Products : content_navigator
    • EPSS Score: %0.19
    • Published: Feb. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0858

    IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.... Read more

    Affected Products : content_navigator
    • EPSS Score: %0.12
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0178

    Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potenti... Read more

    Affected Products : samba
    • EPSS Score: %1.31
    • Published: May. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0968

    Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows... Read more

    • EPSS Score: %0.17
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0825

    Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset M... Read more

    • EPSS Score: %0.19
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0894

    RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.... Read more

    Affected Products : algo_credit_limits algorithmics
    • EPSS Score: %10.74
    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0910

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : websphere_portal
    • EPSS Score: %1.28
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0846

    Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via... Read more

    • EPSS Score: %0.19
    • Published: Mar. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0915

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; ... Read more

    • EPSS Score: %0.30
    • Published: Jul. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0844

    Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.... Read more

    • EPSS Score: %0.16
    • Published: Mar. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2553

    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.... Read more

    Affected Products : otrs
    • EPSS Score: %0.21
    • Published: Apr. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0925

    Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.... Read more

    Affected Products : sterling_control_center
    • EPSS Score: %0.14
    • Published: May. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0427

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.... Read more

    Affected Products : mysql
    • EPSS Score: %0.66
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0970

    The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links ... Read more

    • EPSS Score: %0.15
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0897

    The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticate... Read more

    Affected Products : flex_system_manager
    • EPSS Score: %0.09
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4791

    Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."... Read more

    Affected Products : exchange_server
    • EPSS Score: %40.44
    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-5953

    Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-0733

    Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to ce... Read more

    Affected Products : postgresql
    • EPSS Score: %7.67
    • Published: Mar. 19, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 292735 Results