Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-43083

    Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability... Read more

    Affected Products : plc4x
    • Published: Dec. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43082

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.... Read more

    Affected Products : traffic_server
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-43081

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override for... Read more

    Affected Products : fortios fortiproxy
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-43080

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) att... Read more

    Affected Products : fortios
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43077

    A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or ... Read more

    Affected Products : fortiwlm
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-43076

    An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the syste... Read more

    Affected Products : fortiadc
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-43075

    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized co... Read more

    Affected Products : fortiwlm
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43074

    An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions;... Read more

    Affected Products : fortios fortiproxy fortiweb fortiswitch
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43073

    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via craft... Read more

    Affected Products : fortiweb
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-43072

    A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 an... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43071

    A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.... Read more

    Affected Products : fortiweb
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-43070

    Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesy... Read more

    Affected Products : fortiwlm
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-43068

    A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.... Read more

    Affected Products : fortiauthenticator
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2021-43067

    A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 ... Read more

    Affected Products : fortiauthenticator
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-43066

    A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.... Read more

    Affected Products : forticlient
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-43065

    A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.... Read more

    Affected Products : fortinac
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-43064

    A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handle... Read more

    Affected Products : fortiweb
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-43063

    A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTT... Read more

    Affected Products : fortiweb
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-43062

    A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code o... Read more

    Affected Products : fortimail
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-43058

    An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redire... Read more

    Affected Products : replicated_classic
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293554 Results