Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-40856

    Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring....

    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-40855

    The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production....

    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-40854

    AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications....

    Affected Products : anydesk
    • Published: Oct. 14, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-40853

    TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URLs that require privileges without having them. The exploitation of this vulnerability might allow ...

    Affected Products : gim
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-40852

    TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information....

    Affected Products : gim
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-40851

    TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information....

    Affected Products : gim
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-40850

    TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx....

    Affected Products : gim
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-40849

    In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges....

    Affected Products : mahara
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-40848

    In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection....

    Affected Products : mahara
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-40847

    The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the ...

    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2021-40846

    An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL err...

    Affected Products : trading_paints
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-40845

    The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of...

    Affected Products : alphacom_xe_audio_server
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2021-40843

    Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when...

    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-40842

    Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visit...

    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-40841

    A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server....

    Affected Products : liveconfig
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-40840

    A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2....

    Affected Products : liveconfig
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-40839

    The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory....

    Affected Products : fedora rencode
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-40837

    A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack ...

    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-40836

    A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS Outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of th...

    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293414 Results