Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-44431

    A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT... Read more

    Affected Products : jt_open_toolkit jt_utilities
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-44430

    A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially craft... Read more

    Affected Products : jt_open_toolkit jt_utilities
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44429

    Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.... Read more

    Affected Products : serva
    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44428

    Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.... Read more

    Affected Products : pinkie
    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44427

    An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear paramete... Read more

    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-44426

    An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker ... Read more

    Affected Products : anydesk
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-44425

    An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized ac... Read more

    Affected Products : anydesk
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-44423

    An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds... Read more

    Affected Products : drawings_explorer
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-44422

    An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer ... Read more

    Affected Products : drawings_sdk
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-44421

    The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.... Read more

    Affected Products : occlum
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44420

    In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.... Read more

    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44419

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP re... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44418

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP re... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44417

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP requ... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44416

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP re... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44415

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP re... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44414

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP reque... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44413

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP reque... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44412

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP reques... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-44411

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP reques... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293611 Results