Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-45891

    An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.... Read more

    Affected Products : arc
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45890

    basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.... Read more

    Affected Products : authguard
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-45889

    An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab... Read more

    Affected Products : x\/p_messenger
    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-45888

    An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only poss... Read more

    Affected Products : x\/p_messenger
    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45887

    An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on... Read more

    Affected Products : x\/p_messenger
    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-45886

    An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to co... Read more

    Affected Products : x\/p_messenger
    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45885

    An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.... Read more

    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45884

    In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in ... Read more

    Affected Products : linux_kernel macos windows brave
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-45878

    Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manger pages allows any user to view and modify information.... Read more

    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45877

    Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomc... Read more

    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45876

    Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfiltered user input is used to generate code which then ge... Read more

    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45868

    In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.... Read more

    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-45866

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php.... Read more

    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45865

    A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.... Read more

    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45864

    tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp.... Read more

    Affected Products : tsmuxer
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45863

    tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp.... Read more

    Affected Products : tsmuxer
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45861

    There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277.... Read more

    Affected Products : tsmuxer
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45860

    An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file.... Read more

    Affected Products : tsmuxer
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45856

    Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash... Read more

    Affected Products : maximus_firmware maximus
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-45852

    An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.... Read more

    Affected Products : hospital_management_system_in_php
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293940 Results