Latest CVE Feed
- 9.3 HIGH CVE-2021-42969
  Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed.
  - Affected Products: anaconda3
  - Published: May. 13, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-42967
  Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows an attacker to upload malicious JSP files.
  - Published: May. 13, 2022
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-42956
  Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non...
  - Published: Nov. 17, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-42955
  Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote...
  - Published: Nov. 17, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-42954
  Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or ...
  - Published: Nov. 17, 2021
  - Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2021-42952
  Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets ...
  - Affected Products: zepl
  - Published: Feb. 25, 2022
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-42951
  A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed t...
  - Affected Products: msol
  - Published: Mar. 01, 2022
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-42950
  Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to c...
  - Affected Products: zepl
  - Published: Mar. 03, 2022
  - Modified: Nov. 21, 2024
- 3.7 LOW CVE-2021-42948
  HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.
  - Affected Products: hoteldruid
  - Published: Sep. 16, 2022
  - Modified: Nov. 21, 2024
- 4.8 MEDIUM CVE-2021-42946
  A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page.
  - Affected Products: htmly
  - Published: Mar. 31, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-42945
  A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
  - Affected Products: zzcms
  - Published: Dec. 15, 2021
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2021-42943
  Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
  - Affected Products: ipplan
  - Published: May. 17, 2022
  - Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2021-42940
  A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.
  - Affected Products: projeqtor
  - Published: Feb. 11, 2022
  - Modified: Nov. 21, 2024
- 7.3 HIGH CVE-2021-42923
  ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. The code will run with normal user privileges unless the ...
  - Published: Jul. 18, 2022
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-42917
  Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
  - Affected Products: kodi
  - Published: Nov. 01, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-42913
  The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
  - Published: Dec. 20, 2021
  - Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-42912
  FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP ad...
  - Affected Products: an5506-01-a_firmware an5506-01-b_firmware an5506-02-b_firmware an5506-04-b_firmware an5506-04-f_firmware aan5506-04-g2g_firmware an5506-01-a an5506-01-b an5506-02-b an5506-04-b +2 more products
  - Published: Dec. 16, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-42911
  A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote mal...
  - Affected Products: vigor2960_firmware vigor300b_firmware vigor3900_firmware vigor2960 vigor300b vigor3900
  - Published: Mar. 29, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-42897
  A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.
  - Affected Products: feminer_wms
  - Published: May. 16, 2022
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-42893
  In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.
  - Published: Jun. 03, 2022
  - Modified: Nov. 21, 2024