Latest CVE Feed
-
7.5
HIGH CVE-2021-41584
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
Affected Products: gradle
- Published: Sep. 24, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-41583
vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option.
- Published: Sep. 24, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-41581
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
Affected Products: libressl
- Published: Sep. 24, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-41580
The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure err...
Affected Products: passport-oauth2
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-41579
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary file...
Affected Products: scada
- Published: Oct. 04, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-41578
mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user ...
Affected Products: mydesigner
- Published: Oct. 04, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-41573
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the fi...
Affected Products: content_platform_anywhere
- Published: Sep. 29, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-41571
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the d...
Affected Products: pulsar
- Published: Feb. 01, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-41570
Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.
Affected Products: netbackup
- Published: Apr. 19, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-41569
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro vari...
Affected Products: sas\/intrnet
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-41568
Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.
Affected Products: tad_web
- Published: Oct. 08, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-41567
The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.
Affected Products: tad_uploader
- Published: Oct. 08, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-41566
The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.
Affected Products: tadtools
- Published: Oct. 08, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-41565
TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.
Affected Products: tadtools
- Published: Oct. 08, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-41564
Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.
Affected Products: tad_honor
- Published: Oct. 08, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-41563
Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.
Affected Products: tad_book3
- Published: Oct. 08, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-41562
A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.
Affected Products: snow_inventory_agent
- Published: Nov. 03, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-41560
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
Affected Products: opencats
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
- Published: Jun. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-41558
The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.
Affected Products: set_user
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024