Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2021-3152 | CVSS 5.3 (MEDIUM)
    Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third pa...
    Affected Products: home-assistant
    EPSS Score: 0.38% | Published: Jan. 26, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3151 | CVSS 5.4 (MEDIUM)
    i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG_...
    Affected Products: i-doit
    EPSS Score: 0.28% | Published: Feb. 27, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3150 | CVSS 6.1 (MEDIUM)
    A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1...
    Affected Products: cryptshare_server
    EPSS Score: 0.28% | Published: Mar. 15, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3149 | CVSS 9.0 (HIGH)
    On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely....
    Affected Products: nano_25_firmware, nano_25
    EPSS Score: 2.61% | Published: Feb. 22, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3148 | CVSS 9.8 (CRITICAL)
    An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/th...
    Affected Products: fedora, debian_linux, salt
    EPSS Score: 9.36% | Published: Feb. 27, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3146 | CVSS 7.8 (HIGH)
    The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges....
    EPSS Score: 0.05% | Published: Apr. 08, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3145 | CVSS 7.2 (HIGH)
    In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication....
    Affected Products: identity_vault
    EPSS Score: 0.07% | Published: Sep. 10, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3144 | CVSS 9.1 (CRITICAL)
    In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)...
    Affected Products: fedora, debian_linux, salt
    EPSS Score: 6.20% | Published: Feb. 27, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3141 | CVSS 7.8 (HIGH)
    In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration....
    Affected Products: stealth
    EPSS Score: 0.04% | Published: Mar. 18, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3139 | CVSS 8.1 (HIGH)
    In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For exa...
    Affected Products: tcmu-runner
    EPSS Score: 0.94% | Published: Jan. 13, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3138 | CVSS 7.5 (HIGH)
    In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms....
    Affected Products: discourse
    EPSS Score: 3.03% | Published: Jan. 14, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3137 | CVSS 5.4 (MEDIUM)
    XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section....
    Affected Products: xwiki
    EPSS Score: 0.15% | Published: Jan. 20, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3135 | CVSS 6.1 (MEDIUM)
    An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call....
    Affected Products: newspaper
    EPSS Score: 0.44% | Published: Jul. 19, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3134 | CVSS 7.8 (HIGH)
    Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878....
    Affected Products: mubu
    EPSS Score: 0.05% | Published: Jan. 12, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3133 | CVSS 6.5 (MEDIUM)
    The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages....
    Affected Products: elementor_contact_form_db
    EPSS Score: 0.12% | Published: Jan. 12, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3131 | CVSS 7.5 (HIGH)
    The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter....
    Affected Products: 1c\
    EPSS Score: 0.16% | Published: Jan. 13, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3130 | CVSS 5.9 (MEDIUM)
    Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscati...
    Affected Products: open-audit
    EPSS Score: 0.63% | Published: Jan. 20, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3128 | CVSS 7.5 (HIGH)
    In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstrea...
    EPSS Score: 2.48% | Published: Apr. 12, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3127 | CVSS 7.5 (HIGH)
    NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled....
    Affected Products: nats_server, jwt_library
    EPSS Score: 0.29% | Published: Mar. 16, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-3125 | CVSS 7.5 (HIGH)
    In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between a...
    EPSS Score: 0.94% | Published: Apr. 12, 2021 | Modified: Nov. 21, 2024
Showing 20 of 292510 Results