Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-45808

    jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.... Read more

    Affected Products : jpress
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45807

    jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.... Read more

    Affected Products : jpress
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-45806

    jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.... Read more

    Affected Products : jpress
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-45803

    MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation.... Read more

    Affected Products : iresturant
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45802

    MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.... Read more

    Affected Products : iresturant
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45794

    Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.... Read more

    Affected Products : senayan_library_management_system
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45793

    Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.... Read more

    Affected Products : senayan_library_management_system
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-45792

    Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.... Read more

    Affected Products : senayan_library_management_system
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-45791

    Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used b... Read more

    Affected Products : senayan_library_management_system
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45790

    An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands.... Read more

    Affected Products : metersphere
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-45789

    An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.... Read more

    Affected Products : metersphere
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-45788

    Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.... Read more

    Affected Products : metersphere
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-45787

    There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.... Read more

    Affected Products : maccms
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45786

    In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.... Read more

    Affected Products : maccms
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-45785

    TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /... Read more

    Affected Products : trudesk
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2021-45783

    Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.... Read more

    Affected Products : notea_firmware notea
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45773

    A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.... Read more

    Affected Products : lib60870
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45769

    A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.... Read more

    Affected Products : libiec61850
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45767

    GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : gpac
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45764

    GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().... Read more

    Affected Products : gpac
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294267 Results