Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-42216

    A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.... Read more

    Affected Products : anonaddy
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42204

    An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42203

    An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-42202

    An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42201

    An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-42200

    An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42199

    An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-42198

    An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42197

    An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-42196

    An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42195

    An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code Execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-42194

    The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection v... Read more

    Affected Products : eyoucms
    • Published: Mar. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-42192

    Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.... Read more

    Affected Products : konga
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42185

    wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.... Read more

    Affected Products : wdja
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-42183

    MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.... Read more

    Affected Products : masacms
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-42171

    Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, ... Read more

    Affected Products : zenario
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42169

    The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected cor... Read more

    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42168

    Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page.... Read more

    Affected Products : try_my_recipe
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-42165

    MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".... Read more

    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42139

    Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.... Read more

    Affected Products : deno_standard_modules
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293499 Results