Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-42548

    Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.... Read more

    Affected Products : share-one-drive
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42547

    Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.... Read more

    Affected Products : out-of-the-box
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42546

    Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.... Read more

    Affected Products : use-your-drive
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-42545

    An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.... Read more

    Affected Products : topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42544

    Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42543

    The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.... Read more

    Affected Products : daqfactory
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42542

    The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.... Read more

    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42540

    The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.... Read more

    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42539

    The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.... Read more

    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42538

    The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.... Read more

    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-42536

    The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.... Read more

    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-42534

    The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.... Read more

    Affected Products : tracer_sc_firmware tracer_sc
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42533

    Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploi... Read more

    Affected Products : bridge
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42532

    XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must ope... Read more

    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42531

    XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must ope... Read more

    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42530

    XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must ope... Read more

    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42529

    XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must ope... Read more

    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-42528

    XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of th... Read more

    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42527

    Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interact... Read more

    Affected Products : macos windows premiere_elements
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-42526

    Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interact... Read more

    Affected Products : macos windows premiere_elements
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293510 Results