Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2021-40359

    A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATI... Read more

    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-40358

    A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (... Read more

    Affected Products : simatic_wincc simatic_pcs_7
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-40357

    A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All ver... Read more

    Affected Products : teamcenter_active_workspace
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40356

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML Extern... Read more

    Affected Products : teamcenter teamcenter_visualization
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40355

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Ins... Read more

    Affected Products : teamcenter teamcenter_visualization
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-40354

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the ... Read more

    Affected Products : teamcenter teamcenter_visualization
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40353

    A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incompl... Read more

    Affected Products : opensis
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40352

    OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.... Read more

    Affected Products : openemr
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40350

    webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the d... Read more

    Affected Products : dwu850-gs_firmware dwu850-gs
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-40349

    e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring.... Read more

    Affected Products : speed_test
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-40348

    Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account... Read more

    Affected Products : uyuni spacewalk
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40347

    An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the fi... Read more

    Affected Products : postorius
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40346

    An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.... Read more

    Affected Products : fedora debian_linux haproxy
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-40345

    An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.... Read more

    Affected Products : nagios_xi
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-40344

    An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP s... Read more

    Affected Products : nagios_xi
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40343

    An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.... Read more

    Affected Products : nagios_xi
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40342

    In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versio... Read more

    Affected Products : foxman-un unem
    • Published: Jan. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-40341

    DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects  *... Read more

    Affected Products : foxman-un unem
    • Published: Jan. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40340

    Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a recon... Read more

    Affected Products : linkone
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40339

    Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23... Read more

    Affected Products : linkone
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293284 Results