Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-41658

    Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page.... Read more

    Affected Products : student_quarterly_grading_system
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-41657

    SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.... Read more

    Affected Products : collaborator
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41654

    SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php... Read more

    Affected Products : wuzhicms
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-41653

    The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.... Read more

    Affected Products : tl-wr840n_firmware tl-wr840n
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41652

    Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.... Read more

    Affected Products : batflat
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41651

    A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.... Read more

    Affected Products : hotel_management_system
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41649

    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.... Read more

    Affected Products : online-shopping-system-advanced
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41648

    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.... Read more

    Affected Products : online-shopping-system-advanced
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-41647

    An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database informatio... Read more

    Affected Products : online_food_ordering_web_app
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41646

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..... Read more

    Affected Products : online_reviewer_system
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-41645

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .... Read more

    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41644

    Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.... Read more

    Affected Products : online_food_ordering_system
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41643

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.... Read more

    Affected Products : church_management_system
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-41641

    Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.... Read more

    Affected Products : deno
    • Published: Jun. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-41639

    MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file.... Read more

    Affected Products : ftp_server
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41638

    The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username.... Read more

    Affected Products : ftp_server
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-41637

    Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users.... Read more

    Affected Products : ftp_server
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-41636

    MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply.... Read more

    Affected Products : ftp_server
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-41635

    When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.... Read more

    Affected Products : windows ftp_server
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-41634

    A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames.... Read more

    Affected Products : ftp_server
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293435 Results