Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-46262

    Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.... Read more

    Affected Products : ac11_firmware ac11
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-46255

    eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.... Read more

    Affected Products : eyoucms
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46253

    A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.... Read more

    Affected Products : anchor_cms
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46252

    A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses.... Read more

    Affected Products : scratch_confirmaccount_v3
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-46251

    A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.... Read more

    Affected Products : scratchoauth2
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-46250

    An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.... Read more

    Affected Products : scratchoauth2
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46249

    An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.... Read more

    Affected Products : scratchoauth2
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46247

    The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00.... Read more

    Affected Products : cmax6000_firmware cmax6000
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46244

    A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).... Read more

    Affected Products : hdf5
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46243

    An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : hdf5
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-46242

    HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.... Read more

    Affected Products : hdf5
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46240

    A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : gpac
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46239

    The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : gpac
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46238

    GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).... Read more

    Affected Products : gpac
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46237

    An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : gpac
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46236

    A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : gpac
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46234

    A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : gpac
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46233

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46232

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46231

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293948 Results