Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2016-2872

    Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.... Read more

    • EPSS Score: %0.11
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2016-2870

    Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors.... Read more

    • EPSS Score: %0.45
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-2868

    IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.... Read more

    • EPSS Score: %0.17
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-2867

    IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.... Read more

    Affected Products : infosphere_streams streams
    • EPSS Score: %0.04
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2861

    IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : websphere_extreme_scale
    • EPSS Score: %0.23
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-1440

    The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file tra... Read more

    Affected Products : web_security_appliance
    • EPSS Score: %0.44
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1416

    Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.... Read more

    Affected Products : prime_collaboration_provisioning
    • EPSS Score: %5.30
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1408

    Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.... Read more

    • EPSS Score: %0.27
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1289

    The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discoveri... Read more

    • EPSS Score: %6.31
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0400

    CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a c... Read more

    Affected Products : websphere_extreme_scale
    • EPSS Score: %3.49
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-0399

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : maximo_asset_management
    • EPSS Score: %0.17
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0398

    IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %0.22
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0391

    The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.... Read more

    Affected Products : bluemix watson_developer_cloud
    • EPSS Score: %0.86
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-0387

    Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerabili... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.17
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2016-0386

    Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete em... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.10
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-0375

    JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.... Read more

    Affected Products : messagesight
    • EPSS Score: %1.07
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0374

    The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.60
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0365

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecifie... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.19
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0364

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.16
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2016-0362

    IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, v... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.14
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291222 Results