Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2021-46144

    Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences....

    Affected Products : debian_linux roundcube
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-46142

    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax....

    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-46141

    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner....

    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-46122

    Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature....

    Affected Products : tl-wr840n_firmware tl-wr840n
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-46118

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-46117

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-46116

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-46115

    jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-46114

    jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-46113

    In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service....

    Affected Products : kea-hotel-erp
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-46110

    Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters....

    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-46109

    Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack....

    Affected Products : rt-ac52u_b1_firmware
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-46108

    D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration....

    Affected Products : dsl-2730e_firmware dsl-2730e
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-46107

    Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features....

    Affected Products : ligeo_basics
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-46104

    An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server....

    Affected Products : webp_server_go
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-46102

    From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is tri...

    Affected Products : rbpf rbpf
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-46101

    In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly....

    Affected Products : git
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-46097

    Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log...

    Affected Products : dolphinphp
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-46093

    eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php....

    Affected Products : elite_cms
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46089

    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges....

    Affected Products : jeecg_boot
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293690 Results