Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-42667

    A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the SQL query performed. As a result he can extract sen...

    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42666

    A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order ...

    Affected Products : engineers_online_portal
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42665

    An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.

    Affected Products : engineers_online_portal
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-42664

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run JavaScript c...

    Affected Products : engineers_online_portal
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-42663

    An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the we...

    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-42662

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run JavaScript commands on the we...

    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-42659

    There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit...

    Affected Products : ac9_firmware ac9
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-42656

    SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.

    Affected Products : siteserver_cms sscms
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42655

    SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.

    Affected Products : siteserver_cms sscms
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42654

    SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.

    Affected Products : siteserver_cms
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42651

    A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/.

    Affected Products : pentest_collaboration_framework
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-42650

    A Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.

    Affected Products : portainer
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-42648

    A cross-site scripting (XSS) vulnerability in Coder Code-Server before 3.12.0 allows attackers to execute arbitrary code via a crafted URL.

    Affected Products : code-server
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-42646

    XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server ...

    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-42645

    CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.

    Affected Products : cmsimple_xh
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-42644

    cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.

    Affected Products : cmseasy
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42643

    cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.

    Affected Products : cmseasy
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42642

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer.

    Affected Products : web_stack
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42641

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.

    Affected Products : web_stack
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-42640

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.

    Affected Products : web_stack
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293510 Results