Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2021-44674

    An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory.

    Affected Products : open-audit
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-44673

    A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.

    Affected Products : croogo
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-44667

    A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.

    Affected Products : nacos
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-44665

    A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.

    Affected Products : xerte
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-44664

    An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload fi...

    Affected Products : xerte
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-44663

    A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.

    Affected Products : xerte_online_toolkits
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-44662

    A Cross Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php.

    Affected Products : xerte_online_toolkits
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-44659

    Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to perform an unintended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerabi...

    Affected Products : gocd
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-44657

    In StackStorm versions prior to 3.6.0, the Jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. StackStorm now sets sandboxed mod...

    Affected Products : stackstorm
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-44655

    Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to get admin access on...

    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-44653

    Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to gain access as admin to the applic...

    Affected Products : online_magazine_management_system
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-44652

    Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

    Affected Products : manageengine_o365_manager_plus
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-44651

    Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.

    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-44650

    Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

    Affected Products : manageengine_m365_manager_plus
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-44649

    Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in ...

    Affected Products : django_cms
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-44648

    GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the LZW compressed stream of image data in GIF files with an LZW minimum code size equal to 12.

    Affected Products : fedora debian_linux gdkpixbuf
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-44647

    Lua v5.4.3 and above are affected by a SEGV caused by type confusion in the funcnamefromcode function in ldebug.c, which can cause a local denial of service.

    Affected Products : fedora lua
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44632

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

    Affected Products : tl-wr886n_firmware tl-wr886n
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44631

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

    Affected Products : tl-wr886n_firmware tl-wr886n
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44630

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

    Affected Products : tl-wr886n_firmware tl-wr886n
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293618 Results