Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.7

    HIGH
    CVE-2021-42083

    An authenticated attacker is able to create alerts that trigger a stored XSS attack.

    Affected Products : linux_kernel windows quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-42082

    Local users are able to execute scripts under root privileges.

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-42081

    An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2021-42080

    An attacker is able to launch a Reflected XSS attack using a crafted URL.

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 6.2

    MEDIUM
    CVE-2021-42079

    An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-42078

    PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the...

    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-42077

    PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely comp...

    Affected Products : php_event_calendar
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42076

    An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.

    Affected Products : barrier
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42075

    An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descr...

    Affected Products : barrier
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-42074

    An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello mess...

    Affected Products : barrier
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-42073

    An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. Thi...

    Affected Products : barrier
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-42072

    An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause ...

    Affected Products : fedora barrier
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-42071

    In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.

    Affected Products : dvr_vx16_firmware dvr_vx16
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-42070

    When a user opens a manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-42069

    When a user opens a manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-42068

    When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-42067

    In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not ...

    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 4.4

    MEDIUM
    CVE-2021-42066

    SAP Business One - version 10.0 allows an admin user to view the DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover the vulnerable function, in-depth application knowledge is required, but once exploited t...

    Affected Products : business_one
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42064

    If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011 allows an attacker to execute crafted database queries, exposing backend da...

    Affected Products : commerce
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-42063

    A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensi...

    Affected Products : knowledge_warehouse
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293507 Results