Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.0

    MEDIUM
    CVE-2021-38894

    IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM ...

    Affected Products : security_verify_access
    • EPSS Score: %0.09
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2021-38893

    IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten...

    • EPSS Score: %0.29
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38891

    IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508....

    • EPSS Score: %0.10
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38890

    IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507....

    • EPSS Score: %0.19
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-38887

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401....

    Affected Products : infosphere_information_server
    • EPSS Score: %0.16
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-38886

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399....

    Affected Products : oncommand_insight cognos_analytics
    • EPSS Score: %0.18
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-38883

    IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun...

    • EPSS Score: %0.22
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • 4.4

    MEDIUM
    CVE-2021-38882

    IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164....

    Affected Products : linux_kernel spectrum_scale
    • EPSS Score: %0.05
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-38879

    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information fr...

    Affected Products : linux_kernel windows jazz_team_server
    • EPSS Score: %0.19
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38878

    IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756....

    • EPSS Score: %0.20
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2021-38877

    IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...

    • EPSS Score: %0.33
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-38876

    IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

    Affected Products : i i
    • EPSS Score: %0.22
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-38875

    IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398....

    Affected Products : mq
    • EPSS Score: %0.31
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-38874

    IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397....

    • EPSS Score: %0.16
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-38873

    IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396....

    Affected Products : planning_analytics
    • EPSS Score: %0.16
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38872

    IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348....

    Affected Products : datapower_gateway
    • EPSS Score: %0.33
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-38871

    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...

    Affected Products : linux_kernel windows jazz_team_server
    • EPSS Score: %0.22
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2021-38870

    IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

    Affected Products : aspera_on_cloud
    • EPSS Score: %0.20
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38869

    IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341....

    • EPSS Score: %0.35
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-38868

    IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ...

    • EPSS Score: %0.08
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292058 Results