Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2021-41311

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servle...

Affected Products : jira_server jira_data_center jira_software_data_center
Published: Dec. 08, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-41310

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustom...

Affected Products : jira_server jira_data_center jira_software_data_center
Published: Nov. 01, 2021

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2021-41309

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugi...

Affected Products : jira_server jira_data_center jira_software_data_center
Published: Dec. 08, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-41308

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The a...

Affected Products : jira jira_server jira_data_center jira_software_data_center
Published: Oct. 26, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-41307

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The...

Affected Products : jira jira_server jira_data_center jira_software_data_center
Published: Oct. 26, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-41306

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions ...

Affected Products : jira jira_server jira_data_center jira_software_data_center
Published: Oct. 26, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. Th...

Affected Products : jira jira_server jira_data_center jira_software_data_center
Published: Oct. 26, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-41304

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected ve...

Affected Products : jira jira_server jira_data_center data_center
Published: Oct. 26, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0....

Affected Products : shiro financial_services_crime_and_compliance_management_studio
Published: Sep. 17, 2021

Modified: Nov. 21, 2024
7.3

HIGH

CVE-2021-41302

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege....

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2021-41301

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in au...

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-41300

ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality....

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2021-41299

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in....

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-41298

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely ...

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-41297

ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text....

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-41296

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system....

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-41295

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system....

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
9.1

CRITICAL

CVE-2021-41294

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario....

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-41293

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and syste...

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-41292

ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and ...

Affected Products : ecs_router_controller-ecs_firmware riskbuster_firmware riskterminator ecs_router_controller-ecs riskbuster
Published: Sep. 30, 2021

Modified: Nov. 21, 2024

Showing 20 of 293428 Results

Browse by Apps

Latest CVE Feed

7.5

6.1

5.3

6.5

7.5

7.5

7.5

6.1

9.8

7.3

10.0

9.8

10.0

8.8

8.8

9.8

8.8

9.1

7.5

9.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable