Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-40997

    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40996

    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40995

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40994

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-40993

    A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-40992

    A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-40991

    A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40990

    A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40989

    A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.... Read more

    Affected Products : windows clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-40988

    A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-40987

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-40986

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40985

    A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.... Read more

    Affected Products : debian_linux htmldoc
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-40981

    ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.... Read more

    Affected Products : armoury_crate_lite_service
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40978

    The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https... Read more

    Affected Products : mkdocs
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-40975

    Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title... Read more

    Affected Products : ecommerce-codeigniter-bootstrap
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-40973

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.... Read more

    Affected Products : spotweb
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-40972

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.... Read more

    Affected Products : spotweb
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-40971

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.... Read more

    Affected Products : spotweb
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-40970

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : spotweb
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293496 Results