Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2021-40909

    Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_c... Read more

    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40908

    SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.... Read more

    Affected Products : purchase_order_management_system
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40907

    SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.... Read more

    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-40906

    CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by t... Read more

    Affected Products : checkmk checkmk
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40905

    The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to ... Read more

    Affected Products : checkmk checkmk
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40904

    The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation r... Read more

    Affected Products : checkmk checkmk
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40903

    A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static.... Read more

    Affected Products : antminer_monitor
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40902

    flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page.... Read more

    Affected Products : flatcore-cms
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40901

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.... Read more

    Affected Products : scniro-validator
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40900

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.... Read more

    Affected Products : regexfn
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40899

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.... Read more

    Affected Products : repo-git-downloader
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40898

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files.... Read more

    Affected Products : scaffold-helper
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40897

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls.... Read more

    Affected Products : split-html-to-chars
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40896

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails.... Read more

    Affected Products : that-value
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40895

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements.... Read more

    Affected Products : todo-regex
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40894

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.... Read more

    Affected Products : underscore-99xp
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40893

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails.... Read more

    Affected Products : validate_data
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40892

    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings.... Read more

    Affected Products : validate_color
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40889

    CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The at... Read more

    Affected Products : cmsuno
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40888

    Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code.... Read more

    Affected Products : projectsend
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293355 Results