Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-43977

    SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.... Read more

    Affected Products : smartermail
    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2021-43976

    In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).... Read more

    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-43975

    In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.... Read more

    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-43974

    An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the s... Read more

    Affected Products : sysaid itil
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43973

    An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-si... Read more

    Affected Products : sysaid
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-43972

    An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fi... Read more

    Affected Products : sysaid
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43971

    A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.... Read more

    Affected Products : sysaid
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-43970

    An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on th... Read more

    Affected Products : quicklert
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-43969

    The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including... Read more

    Affected Products : quicklert
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-43963

    An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access ... Read more

    Affected Products : sync_gateway
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43961

    Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.... Read more

    Affected Products : nexus_repository_manager
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-43960

    Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and e... Read more

    Affected Products : connect2
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-43959

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of J... Read more

    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43958

    Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA ... Read more

    Affected Products : crucible fisheye
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-43957

    Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. Th... Read more

    Affected Products : crucible fisheye
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-43956

    The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.... Read more

    Affected Products : crucible fisheye
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43955

    The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability.... Read more

    Affected Products : crucible fisheye
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43954

    The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forg... Read more

    Affected Products : crucible fisheye
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43953

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.js... Read more

    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43952

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The ... Read more

    Affected Products : jira_server jira_data_center
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293616 Results