Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-29681

    IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918.... Read more

    • EPSS Score: %0.19
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29679

    IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • EPSS Score: %0.72
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2021-29678

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.... Read more

    • EPSS Score: %0.10
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29677

    IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede... Read more

    Affected Products : security_verify
    • EPSS Score: %0.24
    • Published: Jun. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-29676

    IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the v... Read more

    Affected Products : security_verify
    • EPSS Score: %0.12
    • Published: Jun. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29673

    IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ... Read more

    • EPSS Score: %0.22
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-29672

    IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the... Read more

    • EPSS Score: %0.05
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-29671

    IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.... Read more

    Affected Products : spectrum_scale
    • EPSS Score: %0.04
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29670

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more

    • EPSS Score: %0.21
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29668

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more

    • EPSS Score: %0.21
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-29667

    IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.... Read more

    Affected Products : linux_kernel spectrum_scale
    • EPSS Score: %0.31
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29666

    IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred... Read more

    Affected Products : linux_kernel spectrum_scale
    • EPSS Score: %0.16
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2021-29665

    IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.... Read more

    Affected Products : security_verify_access
    • EPSS Score: %0.68
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-29663

    CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS p... Read more

    • EPSS Score: %0.20
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29662

    The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.... Read more

    Affected Products : snapcenter \
    • EPSS Score: %0.36
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29661

    Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated use... Read more

    Affected Products : opc_toolbox
    • EPSS Score: %0.32
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29660

    A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.... Read more

    Affected Products : opc_toolbox
    • EPSS Score: %0.14
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29658

    The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.... Read more

    Affected Products : vscode-rufo
    • EPSS Score: %0.48
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-29657

    arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29656

    Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.... Read more

    Affected Products : infinity_connect
    • EPSS Score: %0.22
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291419 Results