Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-2871

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file.... Read more

    • EPSS Score: %0.05
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-2869

    Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL.... Read more

    • EPSS Score: %0.17
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2016-8222

    A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of servic... Read more

    • EPSS Score: %0.04
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9564

    Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.... Read more

    Affected Products : boa
    • EPSS Score: %0.62
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5987

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.... Read more

    Affected Products : maximo_asset_management
    • EPSS Score: %0.32
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5905

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : maximo_asset_management
    • EPSS Score: %0.15
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5890

    IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.16
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-3057

    Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.26
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-3014

    Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before... Read more

    • EPSS Score: %0.68
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-3009

    Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page... Read more

    Affected Products : connections
    • EPSS Score: %0.04
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2016-3004

    Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applica... Read more

    Affected Products : connections
    • EPSS Score: %0.07
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2016-3002

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.... Read more

    Affected Products : connections
    • EPSS Score: %0.06
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2963

    Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.... Read more

    Affected Products : bigfix_remote_control
    • EPSS Score: %0.11
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2958

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response.... Read more

    Affected Products : connections
    • EPSS Score: %0.22
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2957

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response.... Read more

    Affected Products : connections
    • EPSS Score: %0.16
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2953

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.... Read more

    Affected Products : connections
    • EPSS Score: %0.24
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2952

    IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.... Read more

    Affected Products : bigfix_remote_control
    • EPSS Score: %0.45
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2951

    IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.... Read more

    Affected Products : bigfix_remote_control
    • EPSS Score: %0.14
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2950

    SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : bigfix_remote_control
    • EPSS Score: %0.22
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-2949

    IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.... Read more

    Affected Products : bigfix_remote_control
    • EPSS Score: %0.05
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292511 Results