Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-39024

    IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more

    Affected Products : guardium_data_encryption
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39023

    IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM ... Read more

    Affected Products : guardium_data_encryption
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-39022

    IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is ... Read more

    Affected Products : guardium_data_encryption
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39021

    IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856.... Read more

    Affected Products : guardium_data_encryption
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39020

    IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force I... Read more

    Affected Products : guardium_data_encryption
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-39014

    IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ... Read more

    Affected Products : cloud_object_storage_system
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-39013

    IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.... Read more

    Affected Products : openshift cloud_pak_for_security
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-39011

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645. ... Read more

    Affected Products : linux_kernel cloud_pak_for_security
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-39009

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-39008

    IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551. ... Read more

    Affected Products : qradar_wincollect
    • Published: Nov. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39006

    IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549.... Read more

    Affected Products : linux_kernel qradar_wincollect
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39002

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-39000

    IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.... Read more

    Affected Products : mq_appliance
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38999

    IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.... Read more

    Affected Products : mq_appliance
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38997

    IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct vari... Read more

    Affected Products : api_connect
    • Published: Dec. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2021-38996

    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.... Read more

    Affected Products : aix vios
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2021-38995

    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073.... Read more

    Affected Products : aix vios
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2021-38994

    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072.... Read more

    Affected Products : aix vios
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2021-38993

    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.... Read more

    Affected Products : aix vios
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-38991

    IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.... Read more

    Affected Products : aix vios
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292834 Results