Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2015-7463

    IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.... Read more

    Affected Products : business_process_manager
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-7461

    XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.... Read more

    Affected Products : connections
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7460

    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.... Read more

    Affected Products : connections
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7459

    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.... Read more

    Affected Products : connections
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7458

    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354.... Read more

    Affected Products : connections
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-7453

    Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) ... Read more

    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2015-7449

    IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before... Read more

    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7440

    IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.... Read more

    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7434

    IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863.... Read more

    Affected Products : capacity_management_analytics
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7433

    IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862.... Read more

    Affected Products : capacity_management_analytics
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-7432

    IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861.... Read more

    Affected Products : capacity_management_analytics
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-7424

    IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force I... Read more

    Affected Products : infosphere_master_data_management
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7423

    Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM... Read more

    Affected Products : infosphere_master_data_management
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-7401

    IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106.... Read more

    Affected Products : curam_social_program_management
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2015-7344

    HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].... Read more

    Affected Products : hikashop
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2015-7343

    JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.... Read more

    Affected Products : jnews
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-7342

    JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.... Read more

    Affected Products : jnews
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-7341

    JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.... Read more

    Affected Products : jnews
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-7340

    JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.... Read more

    Affected Products : jevents
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-7339

    JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.... Read more

    Affected Products : jce
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292897 Results