Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-44906

    Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).... Read more

    Affected Products : minimist
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2021-44905

    Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.... Read more

    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-44903

    Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. A... Read more

    Affected Products : center_pro
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-44901

    Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers component... Read more

    Affected Products : dragon_center
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-44900

    Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IO... Read more

    Affected Products : app_player
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-44899

    Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnera... Read more

    Affected Products : center
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-44896

    DMP Roadmap before 3.0.4 allows XSS.... Read more

    Affected Products : dmproadmap
    • Published: Jan. 01, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-44892

    A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges.... Read more

    Affected Products : thinkphp
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-44886

    In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.... Read more

    Affected Products : zammad
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44882

    D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.... Read more

    Affected Products : dir-878_firmware dir-878
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44881

    D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.... Read more

    Affected Products : dir-882_firmware dir-882
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44880

    D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted... Read more

    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-44879

    In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44878

    If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the... Read more

    Affected Products : pac4j
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44877

    Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts... Read more

    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-44876

    Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This i... Read more

    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-44875

    Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This i... Read more

    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-44874

    Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web app... Read more

    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44868

    A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do... Read more

    Affected Products : mcms
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44866

    An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.... Read more

    • Published: Feb. 03, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293636 Results