Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2021-42095

    Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.

    Affected Products : xshell
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42094

    An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-42093

    An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-42092

    An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-42091

    An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42090

    An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42089

    An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-42088

    An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-42087

    An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42086

    An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-42085

    An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-42084

    An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 8.7

    HIGH
    CVE-2021-42083

    An authenticated attacker is able to create alerts that trigger a stored XSS attack.

    Affected Products : linux_kernel windows quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-42082

    Local users are able to execute scripts under root privileges.

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-42081

    An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2021-42080

    An attacker is able to launch a Reflected XSS attack using a crafted URL.

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 6.2

    MEDIUM
    CVE-2021-42079

    An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-42078

    PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the...

    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-42077

    PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely comp...

    Affected Products : php_event_calendar
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42076

    An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.

    Affected Products : barrier
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293499 Results