Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2021-45813

    SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript code, which leads to session hijacking and theft of the user's credentials....

    Affected Products : webcti
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-45812

    NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript code, which leads to session hijacking....

    Affected Products : nvrsolo_firmware nvrsolo
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-45811

    A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination....

    Affected Products : osticket
    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-45810

    GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By h...

    Affected Products : globalprotect-openconnect
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45809

    GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--scr...

    Affected Products : globalprotect-openconnect
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-45808

    jpress v4.2.0 allows users to register an account by default. With the account, a user can upload arbitrary files to the server....

    Affected Products : jpress
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-45807

    jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall....

    Affected Products : jpress
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-45806

    jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code....

    Affected Products : jpress
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-45803

    MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing a reservation....

    Affected Products : iresturant
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-45802

    MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration....

    Affected Products : iresturant
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-45794

    Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained....

    Affected Products : senayan_library_management_system
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-45793

    Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained....

    Affected Products : senayan_library_management_system
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-45792

    Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php....

    Affected Products : senayan_library_management_system
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-45791

    Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used b...

    Affected Products : senayan_library_management_system
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-45790

    An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands....

    Affected Products : metersphere
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-45789

    An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function....

    Affected Products : metersphere
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-45788

    Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter....

    Affected Products : metersphere
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-45787

    There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks....

    Affected Products : maccms
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-45786

    In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges....

    Affected Products : maccms
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-45785

    TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /...

    Affected Products : trudesk
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293973 Results