Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-4990

    The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by l... Read more

    Affected Products : tealeaf_customer_experience
    • EPSS Score: %0.06
    • Published: Jan. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4989

    The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary chart... Read more

    Affected Products : tealeaf_customer_experience
    • EPSS Score: %0.21
    • Published: Jan. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7456

    IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.... Read more

    Affected Products : spectrum_scale
    • EPSS Score: %0.20
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-7409

    Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.... Read more

    • EPSS Score: %0.17
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7445

    IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.... Read more

    • EPSS Score: %0.18
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7421

    Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.... Read more

    Affected Products : mq_appliance_m2000
    • EPSS Score: %0.28
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7420

    Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.... Read more

    Affected Products : mq_appliance_m2000
    • EPSS Score: %0.42
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-7415

    Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.17
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2015-7410

    The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.23
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5049

    SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : openpages_grc_platform
    • EPSS Score: %0.13
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-4943

    IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.... Read more

    Affected Products : websphere_mq_light
    • EPSS Score: %0.61
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-4941

    IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.... Read more

    Affected Products : websphere_mq_light
    • EPSS Score: %0.61
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-7489

    IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.... Read more

    Affected Products : spss_statistics
    • EPSS Score: %0.03
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-7441

    Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS ... Read more

    • EPSS Score: %0.25
    • Published: Jan. 01, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-5990

    Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.... Read more

    Affected Products : gs1900-10hp_firmware
    • EPSS Score: %0.11
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5989

    Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.... Read more

    Affected Products : gs1900-10hp_firmware
    • EPSS Score: %1.08
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-5988

    The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.... Read more

    Affected Products : gs1900-10hp_firmware
    • EPSS Score: %0.51
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2015-5987

    Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.... Read more

    Affected Products : gs1900-10hp_firmware
    • EPSS Score: %0.52
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2015-1947

    Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.... Read more

    Affected Products : infosphere_biginsights
    • EPSS Score: %0.06
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-7447

    IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obta... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.25
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291562 Results