Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2021-46153

    A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in...

    Affected Products : simcenter_femap
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-46152

    A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in th...

    Affected Products : simcenter_femap
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-46151

    A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. T...

    Affected Products : simcenter_femap
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-46150

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October....

    Affected Products : mediawiki
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-46149

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search....

    Affected Products : mediawiki
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-46148

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instanc...

    Affected Products : mediawiki
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-46147

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF....

    Affected Products : mediawiki
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-46146

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file....

    Affected Products : mediawiki
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-46145

    The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization....

    Affected Products : civic_2012
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-46144

    Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences....

    Affected Products : debian_linux roundcube
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-46142

    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax....

    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-46141

    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner....

    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-46122

    Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature....

    Affected Products : tl-wr840n_firmware tl-wr840n
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-46118

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-46117

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-46116

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-46115

    jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-46114

    jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-46113

    In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service....

    Affected Products : kea-hotel-erp
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-46110

    Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters....

    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293939 Results