Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-42564

    An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refres... Read more

    Affected Products : cryptshare_server
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42563

    There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.... Read more

    Affected Products : windows ni_service_locator
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-42562

    An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.... Read more

    Affected Products : caldera
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-42561

    An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in ord... Read more

    Affected Products : caldera
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42560

    An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server ... Read more

    Affected Products : caldera
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42559

    An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will exe... Read more

    Affected Products : caldera
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42558

    An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.... Read more

    Affected Products : caldera
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-42557

    In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials.... Read more

    Affected Products : jeedom
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-42556

    Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.... Read more

    Affected Products : rasa_x
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-42555

    Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.... Read more

    Affected Products : infinity
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-42554

    An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerabi... Read more

    • Published: Feb. 03, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42552

    Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I.... Read more

    Affected Products : archivistabox
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42551

    Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; ver... Read more

    Affected Products : netbiblio
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2021-42550

    In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.... Read more

    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42549

    Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.... Read more

    Affected Products : lets-box
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42548

    Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.... Read more

    Affected Products : share-one-drive
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42547

    Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.... Read more

    Affected Products : out-of-the-box
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42546

    Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.... Read more

    Affected Products : use-your-drive
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-42545

    An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.... Read more

    Affected Products : topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42544

    Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293508 Results