Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    CRITICAL
    CVE-2021-44171

    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 a... Read more

    Affected Products : fortios
    • Published: Oct. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-44170

    A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line argum... Read more

    Affected Products : fortios fortiproxy
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-44169

    A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the... Read more

    Affected Products : forticlient
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44167

    An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in l... Read more

    Affected Products : forticlient
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2021-44166

    An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, ev... Read more

    Affected Products : fortitoken_mobile
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-44165

    A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contai... Read more

    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44164

    Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in ord... Read more

    Affected Products : qb_smart_service_robot
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-44163

    Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.... Read more

    Affected Products : qb_smart_service_robot
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44162

    Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authenti... Read more

    Affected Products : qb_smart_service_robot
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-44161

    Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.... Read more

    Affected Products : motp
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44160

    Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations ... Read more

    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44159

    4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny o... Read more

    Affected Products : gcb_doctor
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-44158

    ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.... Read more

    Affected Products : rt-ax56u_firmware rt-ax56u
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44152

    An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of a... Read more

    Affected Products : reprise_license_manager
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-44150

    The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.... Read more

    Affected Products : tusdotnet
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-44149

    An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World c... Read more

    Affected Products : op-tee i.mx_6ultralite
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-44148

    GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.... Read more

    Affected Products : gl-ar150_firmware gl-ar150
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-44147

    An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.... Read more

    Affected Products : filemaker_pro filemaker_server
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-44145

    In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.... Read more

    Affected Products : nifi
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-44144

    Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.... Read more

    Affected Products : asterix
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results