Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2021-42810

    A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.

    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-42809

    Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.

    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-42808

    Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.

    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42797

    Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

    Affected Products : aveva_edge edge
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42796

    An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.

    Affected Products : aveva_edge edge
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-42794

    An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.

    Affected Products : aveva_edge edge
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2021-42791

    An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in ...

    Affected Products : veridiumad
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42787

    It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input val...

    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42786

    It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed...

    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42785

    Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.

    Affected Products : tightvnc
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-42784

    OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.

    Affected Products : dwr-932c_e1_firmware dwr-932c
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-42783

    Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.

    Affected Products : dwr-932c_e1_firmware dwr-932c
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-42782

    Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library.

    Affected Products : fedora opensc
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-42781

    Heap buffer overflow issues were found in OpenSC before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

    Affected Products : enterprise_linux fedora opensc
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-42780

    A use after return issue was found in OpenSC before version 0.22.0 in the insert_pin function that could potentially crash programs using the library.

    Affected Products : enterprise_linux fedora opensc
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-42779

    A heap use after free issue was found in OpenSC before version 0.22.0 in sc_file_valid.

    Affected Products : enterprise_linux fedora opensc
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-42778

    A heap double free issue was found in OpenSC before version 0.22.0 in sc_pkcs15_free_tokeninfo.

    Affected Products : enterprise_linux fedora opensc
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.7

    HIGH
    CVE-2021-42776

    CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.

    Affected Products : cloverdx
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-42775

    Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arb...

    Affected Products : emulex_hba_manager
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42774

    Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenti...

    Affected Products : emulex_hba_manager
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293605 Results