Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2021-31224

    SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.... Read more

    Affected Products : endpoint_security
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-2403

    Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability th... Read more

    Affected Products : siebel_crm
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6725

    Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTM... Read more

    Affected Products : websphere_application_server
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0894

    RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.... Read more

    Affected Products : algo_credit_limits algorithmics
    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6892

    WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.... Read more

    Affected Products : debian_linux websvn
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0427

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.... Read more

    Affected Products : mysql
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0371

    Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors r... Read more

    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0858

    IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.... Read more

    Affected Products : content_navigator
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6912

    Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : internet_explorer garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3045

    The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function.... Read more

    • Published: Nov. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0846

    Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via... Read more

    • Published: Mar. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0897

    The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticate... Read more

    Affected Products : flex_system_manager
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0968

    Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows... Read more

    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0915

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; ... Read more

    • Published: Jul. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0844

    Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.... Read more

    • Published: Mar. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0910

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : websphere_portal
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0228

    Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.... Read more

    Affected Products : hive
    • Published: Nov. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0874

    Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.... Read more

    Affected Products : content_navigator
    • Published: Feb. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0825

    Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset M... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0824

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change an... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293517 Results