Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-46108

    D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.... Read more

    Affected Products : dsl-2730e_firmware dsl-2730e
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46107

    Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.... Read more

    Affected Products : ligeo_basics
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46104

    An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.... Read more

    Affected Products : webp_server_go
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46102

    From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is tri... Read more

    Affected Products : rbpf rbpf
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46101

    In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.... Read more

    Affected Products : git
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-46097

    Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log... Read more

    Affected Products : dolphinphp
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46093

    eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.... Read more

    Affected Products : elite_cms
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46089

    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.... Read more

    Affected Products : jeecg_boot
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-46088

    Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user.... Read more

    Affected Products : zabbix
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46087

    In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering ... Read more

    Affected Products : jfinal_cms
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46086

    xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use burpuite t... Read more

    Affected Products : xzs-mysql
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46085

    OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority.... Read more

    Affected Products : oneblog
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46084

    uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration information" input box.... Read more

    Affected Products : uscat
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46083

    uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.... Read more

    Affected Products : uscat
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-46082

    Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets.... Read more

    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-46080

    A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability.... Read more

    Affected Products : vehicle_service_management_system
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-46079

    An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection.... Read more

    Affected Products : vehicle_service_management_system
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-46078

    An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.... Read more

    Affected Products : vehicle_service_management_system
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-46076

    Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution.... Read more

    Affected Products : vehicle_service_management_system
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-46075

    A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.... Read more

    Affected Products : vehicle_service_management_system
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293678 Results