Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-0305

    IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security c... Read more

    Affected Products : connections
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-0214

    IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an uns... Read more

    Affected Products : bigfix_platform
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-0210

    IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to discl... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-0206

    IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.... Read more

    Affected Products : cloud_orchestrator
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-0203

    A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-0202

    A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.... Read more

    Affected Products : cloud_orchestrator
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 2.8

    LOW
    CVE-2015-7494

    A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domai... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2015-7493

    IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.... Read more

    Affected Products : infosphere_information_server
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.4

    MEDIUM
    CVE-2015-7418

    IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-1976

    IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1128

    IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1127

    IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-9748

    IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6032

    IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-2866

    An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-5013

    The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-2765

    EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system.... Read more

    Affected Products : isilon_insightiq
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5933

    Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and s... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-8492

    The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.... Read more

    Affected Products : fortios
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-10213

    A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden at... Read more

    Affected Products : advanced_core_operating_system
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293350 Results