Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-42639

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization.... Read more

    Affected Products : web_stack
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42638

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.... Read more

    Affected Products : linux_kernel macos web_stack
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42637

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.... Read more

    Affected Products : web_stack
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42635

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.... Read more

    Affected Products : linux_kernel macos web_stack
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-42633

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.... Read more

    Affected Products : web_stack
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42631

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.... Read more

    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42627

    The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.... Read more

    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42624

    A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.... Read more

    Affected Products : miniftpd
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42614

    A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.... Read more

    Affected Products : fedora halibut
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42613

    A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.... Read more

    Affected Products : fedora halibut
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42612

    A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.... Read more

    Affected Products : fedora halibut
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-42597

    A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.... Read more

    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42586

    A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.... Read more

    Affected Products : libredwg
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42585

    A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.... Read more

    Affected Products : libredwg
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-42584

    A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32.... Read more

    Affected Products : convos
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-42583

    A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.... Read more

    Affected Products : maddy maddy
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-42581

    Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function. NO... Read more

    Affected Products : ramda
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-42577

    An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.... Read more

    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42576

    The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.... Read more

    Affected Products : bluemonday pybluemonday
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42575

    The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.... Read more

    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293510 Results