Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-40678

    In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.... Read more

    Affected Products : piwigo
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40674

    An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.... Read more

    Affected Products : wuzhicms
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40670

    SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.... Read more

    Affected Products : wuzhicms
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40669

    SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.... Read more

    Affected Products : wuzhicms
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-40668

    The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write.... Read more

    Affected Products : http_file_server
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40663

    deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').... Read more

    Affected Products : deep.assign
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40662

    A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.... Read more

    Affected Products : chamilo_lms chamilo
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40660

    An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack.... Read more

    Affected Products : nashorn_sandbox
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-40658

    Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.... Read more

    Affected Products : textpattern
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40656

    libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.... Read more

    Affected Products : libsixel
    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40654

    An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page... Read more

    Affected Products : dir-615_firmware dir-615
    • Published: Sep. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40651

    OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.... Read more

    Affected Products : opensis
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40650

    In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.... Read more

    Affected Products : connx
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40649

    In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.... Read more

    Affected Products : connx
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40648

    In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory... Read more

    Affected Products : man2html
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40647

    In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIB... Read more

    Affected Products : man2html
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40645

    An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.... Read more

    Affected Products : jfinaloa
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40644

    An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml.... Read more

    Affected Products : oasys
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-40643

    EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any ... Read more

    Affected Products : eyesofnetwork
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-40642

    Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag ... Read more

    Affected Products : textpattern
    • Published: Jun. 29, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293259 Results