Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.0

    HIGH
    CVE-2021-42192

    Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

    Affected Products : konga
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42185

    wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.

    Affected Products : wdja
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42183

    MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.

    Affected Products : masacms
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-42171

    Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, ...

    Affected Products : zenario
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42169

    The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected cor...

    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-42168

    Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page.

    Affected Products : try_my_recipe
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-42165

    MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".

    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42139

    Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.

    Affected Products : deno_standard_modules
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-42138

    A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.

    Affected Products : safenet_windows_logon_agent
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-42137

    An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.

    Affected Products : zammad
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    CRITICAL
    CVE-2021-42136

    A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then b...

    Affected Products : redcap
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-42135

    HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permis...

    Affected Products : vault
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-42134

    The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.

    Affected Products : unicorn
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-42133

    An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42132

    A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42131

    A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42130

    A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42129

    A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42128

    An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42127

    A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293507 Results