Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. listed in the CISA KEV catalogue), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2021-43983 (CVSS 7.8, HIGH)

    WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code....

    Affected Products: levistudiou
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-43982 (CVSS 7.8, HIGH)

    Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code....

    Affected Products: cncsoft
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-43981 (CVSS 10.0, CRITICAL)

    mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter....

    Affected Products: mypro
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-43979 (CVSS 5.3, MEDIUM)

    Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper ...

    Affected Products: gatekeeper
    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-43977 (CVSS 6.1, MEDIUM)

    SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS....

    Affected Products: smartermail
    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-43976 (CVSS 4.6, MEDIUM)

    In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic)....

    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-43975 (CVSS 6.7, MEDIUM)

    In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value....

    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-43974 (CVSS 5.3, MEDIUM)

    An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the s...

    Affected Products: sysaid itil
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43973 (CVSS 8.8, HIGH)

    An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-si...

    Affected Products: sysaid
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43972 (CVSS 6.8, MEDIUM)

    An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fi...

    Affected Products: sysaid
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43971 (CVSS 8.8, HIGH)

    A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter....

    Affected Products: sysaid
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43970 (CVSS 9.0, HIGH)

    An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on th...

    Affected Products: quicklert
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43969 (CVSS 7.8, HIGH)

    The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including...

    Affected Products: quicklert
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43963 (CVSS 8.1, HIGH)

    An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access ...

    Affected Products: sync_gateway
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-43961 (CVSS 4.3, MEDIUM)

    Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection....

    Affected Products: nexus_repository_manager
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43960 (CVSS 4.8, MEDIUM)

    Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and e...

    Affected Products: connect2
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43959 (CVSS 5.7, MEDIUM)

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of J...

    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43958 (CVSS 9.8, CRITICAL)

    Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA ...

    Affected Products: crucible, fisheye
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43957 (CVSS 7.5, HIGH)

    Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. Th...

    Affected Products: crucible, fisheye
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-43956 (CVSS 6.1, MEDIUM)

    The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability....

    Affected Products: crucible, fisheye
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024