Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-42199

    An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-42198

    An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42197

    An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-42196

    An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42195

    An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code Execution.... Read more

    Affected Products : swftools
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-42194

    The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection v... Read more

    Affected Products : eyoucms
    • Published: Mar. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-42192

    Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.... Read more

    Affected Products : konga
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42185

    wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.... Read more

    Affected Products : wdja
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-42183

    MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.... Read more

    Affected Products : masacms
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-42171

    Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, ... Read more

    Affected Products : zenario
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42169

    The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected cor... Read more

    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42168

    Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page.... Read more

    Affected Products : try_my_recipe
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-42165

    MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".... Read more

    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42139

    Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.... Read more

    Affected Products : deno_standard_modules
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-42138

    A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.... Read more

    Affected Products : safenet_windows_logon_agent
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-42137

    An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.... Read more

    Affected Products : zammad
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2021-42136

    A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then b... Read more

    Affected Products : redcap
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-42135

    HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permis... Read more

    Affected Products : vault
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42134

    The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.... Read more

    Affected Products : unicorn
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-42133

    An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.... Read more

    Affected Products : avalanche
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293510 Results