Latest CVE Feed
- CVE-2015-0140 | 6.8 MEDIUM
  An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document.
  - Affected Products: spss_statistics
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-0120 | 7.5 HIGH
  Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors.
  - Affected Products: tivoli_storage_manager_fastback
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2014-8927 | 5.0 MEDIUM
  Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (C...
  - Affected Products: license_metric_tool, tivoli_asset_discovery_for_distributed, endpoint_manager_family
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2014-8926 | 5.0 MEDIUM
  Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (C...
  - Affected Products: license_metric_tool, tivoli_asset_discovery_for_distributed, endpoint_manager_family
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2014-6192 | 3.5 LOW
  Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML vi...
  - Affected Products: curam_social_program_management
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2014-6190 | 5.0 MEDIUM
  The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document.
  - Affected Products: workload_deployer
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2014-4778 | 4.3 MEDIUM
  IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks v...
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2014-4774 | 6.8 MEDIUM
  Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vecto...
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1921 | 6.4 MEDIUM
  Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
  - Affected Products: websphere_portal
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1915 | 4.3 MEDIUM
  The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attac...
  - Affected Products: endpoint_manager_family
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1911 | 4.3 MEDIUM
  Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remot...
  - Affected Products: sterling_order_management, sterling_selling_and_fulfillment_foundation, sterling_field_sales
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1910 | 3.5 LOW
  Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote authenticated users to inject arbitrary web script or...
  - Affected Products: infosphere_master_data_management_server
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1909 | 5.0 MEDIUM
  The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain adm...
  - Affected Products: infosphere_master_data_management_server
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1899 | 7.8 HIGH
  IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
  - Affected Products: websphere_portal
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1896 | 10.0 HIGH
  Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors.
  - Affected Products: tivoli_storage_manager_fastback
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1895 | 5.0 MEDIUM
  IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior.
  - Affected Products: optim_workload_replay
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-1894 | 6.8 MEDIUM
  Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
  - Affected Products: optim_workload_replay
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-0722 | 7.8 HIGH
  The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952.
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2015-0713 | 9.0 HIGH
  The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2...
  - Affected Products: telepresence_advanced_media_gateway, telepresence_server_software, telepresence_mcu_software, telepresence_ip_gateway, telepresence_ip_vcr_1.0_converter, telepresence_ip_vcr_2.4, telepresence_ip_vcr_3.0, telepresence_isdn_gw_3241, telepresence_serial_gateway, telepresence_supervisor_mse_8050_software
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025
- CVE-2014-2174 | 8.3 HIGH
  Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to ob...
  - Published: May. 25, 2015
  - Modified: Apr. 12, 2025