Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-40660

    An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack.... Read more

    Affected Products : nashorn_sandbox
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-40658

    Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.... Read more

    Affected Products : textpattern
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40656

    libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.... Read more

    Affected Products : libsixel
    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40654

    An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page... Read more

    Affected Products : dir-615_firmware dir-615
    • Published: Sep. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40651

    OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.... Read more

    Affected Products : opensis
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40650

    In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.... Read more

    Affected Products : connx
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40649

    In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.... Read more

    Affected Products : connx
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40648

    In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory... Read more

    Affected Products : man2html
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40647

    In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIB... Read more

    Affected Products : man2html
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40645

    An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.... Read more

    Affected Products : jfinaloa
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40644

    An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml.... Read more

    Affected Products : oasys
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-40643

    EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any ... Read more

    Affected Products : eyesofnetwork
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-40642

    Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag ... Read more

    Affected Products : textpattern
    • Published: Jun. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40639

    Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.... Read more

    Affected Products : jfinal_cms
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-40637

    OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.... Read more

    Affected Products : opensis
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40636

    OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.... Read more

    Affected Products : opensis
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40635

    OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.... Read more

    Affected Products : opensis
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40633

    A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.... Read more

    Affected Products : giflib
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40618

    An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.... Read more

    Affected Products : opensis
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40616

    thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authori... Read more

    Affected Products : thinkcmf
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293330 Results