Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-1171

    The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.... Read more

    Affected Products : tririga_application_platform
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1154

    IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.... Read more

    Affected Products : algo_one
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9990

    IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.... Read more

    Affected Products : inotes
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-9707

    IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available m... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-8935

    IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to ... Read more

    Affected Products : kenexa_lms kenexa_lms_on_cloud
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8917

    IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2016-6111

    IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informati... Read more

    Affected Products : curam_social_program_management
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6036

    IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6031

    IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6022

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3010

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3009

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure.... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6209

    Cross-site scripting (XSS) vulnerability in Nagios.... Read more

    Affected Products : nagios
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-4624

    Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2014-9114

    Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.... Read more

    Affected Products : fedora opensuse util-linux
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-5009

    Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.... Read more

    Affected Products : openstack nagios snoopy
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-5008

    Snoopy allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : debian_linux openstack snoopy
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-3931

    fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.... Read more

    Affected Products : multi-router_looking_glass
    • Actively Exploited
    • Published: Mar. 31, 2017
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2008-7313

    The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.... Read more

    Affected Products : openstack nagios snoopy
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7363

    Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack.... Read more

    Affected Products : pixie pixie
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293616 Results