Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-41465

    Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.... Read more

    Affected Products : concrete5-legacy
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-41464

    Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.... Read more

    Affected Products : concrete5-legacy
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-41463

    Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter.... Read more

    Affected Products : concrete5-legacy
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-41462

    Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter.... Read more

    Affected Products : concrete5-legacy
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-41461

    Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter.... Read more

    Affected Products : concrete5-legacy
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41460

    ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.... Read more

    Affected Products : ecshop
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41459

    There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.... Read more

    Affected Products : mp4box
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-41458

    In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.... Read more

    Affected Products : mp4box
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41457

    There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.... Read more

    Affected Products : mp4box
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41456

    There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.... Read more

    Affected Products : mp4box
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41451

    A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a... Read more

    Affected Products : archer_ax10_firmware archer_ax10
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41450

    An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.... Read more

    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-41449

    A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sendin... Read more

    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-41445

    A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim.... Read more

    Affected Products : dir-x1860_firmware dir-x1860
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-41442

    An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.... Read more

    Affected Products : dir-x1860_firmware dir-x1860
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-41441

    A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, f... Read more

    Affected Products : dir-x1860_firmware dir-x1860
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-41436

    An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gamin... Read more

    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-41435

    A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, ... Read more

    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-41432

    A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.... Read more

    Affected Products : flatpress
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-41427

    Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.... Read more

    Affected Products : smart_box_firmware smart_box
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293505 Results