Latest CVE Feed
- CVE-2021-41565 (6.1 MEDIUM)
  TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.
  Affected Products: tadtools
  Published: Oct. 08, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41564 (6.5 MEDIUM)
  Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.
  Affected Products: tad_honor
  Published: Oct. 08, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41563 (6.1 MEDIUM)
  Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.
  Affected Products: tad_book3
  Published: Oct. 08, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41562 (6.1 MEDIUM)
  A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.
  Affected Products: snow_inventory_agent
  Published: Nov. 03, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41560 (10.0 HIGH)
  OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
  Affected Products: opencats
  Published: Dec. 15, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41559 (6.5 MEDIUM)
  Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
  Published: Jun. 28, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41558 (9.8 CRITICAL)
  The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.
  Affected Products: set_user
  Published: Sep. 27, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41557 (5.4 MEDIUM)
  Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders...
  Affected Products: miles_rich_internet_application
  Published: Dec. 15, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41556 (10.0 CRITICAL)
  sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of ...
  Published: Jul. 28, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41555 (6.1 MEDIUM)
  In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without a...
  Affected Products: web_central
  Published: Oct. 05, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41554 (8.8 HIGH)
  ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/sche...
  Affected Products: web_central
  Published: Oct. 05, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41553 (9.8 CRITICAL)
  In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials...
  Affected Products: web_central
  Published: Oct. 05, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41552 (8.8 HIGH)
  CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
  Affected Products: arris_surfboard_sbg6950ac2_firmware, arris_surfboard_sbg7400ac2_firmware, arris_surfboard_sbg7580ac_firmware, arris_surfboard_sbg7600ac2_firmware, arris_surfboard_sbg10_firmware, arris_surfboard_sbg6950ac2, arris_surfboard_sbg7400ac2, arris_surfboard_sbg7580ac, arris_surfboard_sbg7600ac2, arris_surfboard_sbg10
  Published: Feb. 15, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41551 (4.9 MEDIUM)
  Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a ZIP file that contains a symbolic link.
  Affected Products: connection_broker
  Published: Jan. 18, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41550 (7.2 HIGH)
  Leostream Connection Broker 9.0.40.17 allows an administrator to upload and execute Perl code.
  Affected Products: connection_broker
  Published: Jan. 18, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41547 (7.2 HIGH)
  A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All ve...
  Affected Products: teamcenter_active_workspace
  Published: Dec. 14, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41546 (7.8 HIGH)
  A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All ve...
  Affected Products: ruggedcom_rox_mx5000_firmware, ruggedcom_rox_rx1400_firmware, ruggedcom_rox_rx1500_firmware, ruggedcom_rox_rx1501_firmware, ruggedcom_rox_rx1510_firmware, ruggedcom_rox_rx1511_firmware, ruggedcom_rox_rx1512_firmware, ruggedcom_rox_rx1524_firmware, ruggedcom_rox_rx1536_firmware, ruggedcom_rox_rx5000_firmware, +10 more products
  Published: Oct. 12, 2021
  Modified: Nov. 21, 2024
- CVE-2021-41545 (7.5 HIGH)
  A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller rece...
  Published: May. 10, 2022
  Modified: Nov. 21, 2024
- CVE-2021-41544 (7.8 HIGH)
  A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL searc...
  Affected Products: software_center
  Published: Aug. 08, 2023
  Modified: Nov. 21, 2024
- CVE-2021-41543 (6.5 MEDIUM)
  A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vuln...
  Published: Mar. 08, 2022
  Modified: Nov. 21, 2024