Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-45054

    Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.... Read more

    Affected Products : macos windows incopy
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45053

    Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a... Read more

    Affected Products : macos windows incopy
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45052

    Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL... Read more

    Affected Products : macos windows bridge
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45051

    Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabi... Read more

    Affected Products : macos windows bridge
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45043

    HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.... Read more

    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-45042

    In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of se... Read more

    Affected Products : vault
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-45041

    SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.... Read more

    Affected Products : suitecrm
    • Published: Dec. 19, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45040

    The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.... Read more

    Affected Products : laravel_media_library
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-45038

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents.... Read more

    Affected Products : mediawiki
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2021-45036

    Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.... Read more

    Affected Products : vclient
    • Published: Nov. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-45035

    Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.... Read more

    Affected Products : vclient
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45034

    A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All ... Read more

    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-45033

    A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All ... Read more

    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45031

    A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.... Read more

    Affected Products : stawiz_usc\+\+
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45029

    Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.... Read more

    Affected Products : shenyu
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45027

    An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.... Read more

    Affected Products : oliver_v5_library
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-45026

    ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products : ags-zena
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45025

    ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie.... Read more

    Affected Products : ags-zena
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45024

    ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).... Read more

    Affected Products : ags-zena
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-45018

    Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this editor (the file suffix is allowed).... Read more

    Affected Products : catfish_cms catfish-cms
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293625 Results