Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2021-42135

    HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permis... Read more

    Affected Products : vault
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42134

    The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.... Read more

    Affected Products : unicorn
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-42133

    An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42132

    A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42131

    A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42130

    A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42129

    A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42128

    An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42127

    A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42126

    An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42125

    An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42124

    An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-42123

    Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, ena... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42122

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to i... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42121

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unex... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-42120

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily lon... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-42119

    Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and Jav... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-42118

    Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary ... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-42117

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42116

    Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users,... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293496 Results