Latest CVE Feed
- CVE-2021-41645 (8.8 HIGH)
  Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. ...
  Published: Oct. 29, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41644 (9.8 CRITICAL)
  Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. ...
  Affected Products: online_food_ordering_system
  Published: Oct. 29, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41643 (9.8 CRITICAL)
  Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. ...
  Affected Products: church_management_system
  Published: Oct. 29, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41641 (8.4 HIGH)
  Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. ...
  Affected Products: deno
  Published: Jun. 12, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41639 (5.5 MEDIUM)
  MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file. ...
  Affected Products: ftp_server
  Published: Jun. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41638 (7.5 HIGH)
  The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. ...
  Affected Products: ftp_server
  Published: Jun. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41637 (7.1 HIGH)
  Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. ...
  Affected Products: ftp_server
  Published: Jun. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41636 (6.8 MEDIUM)
  MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. ...
  Affected Products: ftp_server
  Published: Jun. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41635 (9.0 HIGH)
  When installed as a Windows service, MELAG FTP Server 2.2.0.4 runs as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. ...
  Published: Jun. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41634 (5.3 MEDIUM)
  A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. ...
  Affected Products: ftp_server
  Published: Jun. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41619 (9.0 HIGH)
  An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java ...
  Affected Products: enterprise
  Published: Oct. 27, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41617 (7.0 HIGH)
  sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsComman...
  Affected Products: fedora, zfs_storage_appliance_kit, active_iq_unified_manager, ontap_select_deploy_administration_utility, hci_management_node, solidfire, openssh, clustered_data_ontap, http_server, starwind_virtual_san, +4 more products
  Published: Sep. 26, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41615 (9.8 CRITICAL)
  websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 secti...
  Affected Products: goahead
  Published: Aug. 08, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41611 (7.5 HIGH)
  An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improp...
  Published: Oct. 18, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41609 (9.8 CRITICAL)
  SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection...
  Affected Products: selectsurvey.net
  Published: Jan. 28, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41608 (7.5 HIGH)
  A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order ...
  Affected Products: selectsurvey.net
  Published: Jan. 28, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41599 (8.8 HIGH)
  A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the Git...
  Affected Products: enterprise_server
  Published: Feb. 18, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41598 (8.8 HIGH)
  A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an...
  Affected Products: enterprise_server
  Published: Jan. 25, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41597 (8.8 HIGH)
  SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive. ...
  Affected Products: suitecrm
  Published: Jan. 12, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41596 (5.3 MEDIUM)
  SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. ...
  Affected Products: suitecrm
  Published: Oct. 04, 2021
  Modified: Nov. 21, 2024