Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-40374

    A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes wh... Read more

    Affected Products : openeye
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40373

    playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.... Read more

    Affected Products : playsms
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40371

    Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.... Read more

    Affected Products : request_management
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-40369

    A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the vict... Read more

    Affected Products : jspwiki
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40368

    A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-... Read more

    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40367

    A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An a... Read more

    Affected Products : syngo_fastview
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-40366

    A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticate... Read more

    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40365

    Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.... Read more

    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40364

    A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (... Read more

    Affected Products : simatic_wincc simatic_pcs_7
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40363

    A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V... Read more

    Affected Products : simatic_wincc simatic_pcs_7
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40360

    A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V... Read more

    Affected Products : simatic_wincc simatic_pcs_7
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-40359

    A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATI... Read more

    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-40358

    A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (... Read more

    Affected Products : simatic_wincc simatic_pcs_7
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-40357

    A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All ver... Read more

    Affected Products : teamcenter_active_workspace
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40356

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML Extern... Read more

    Affected Products : teamcenter teamcenter_visualization
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-40355

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Ins... Read more

    Affected Products : teamcenter teamcenter_visualization
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-40354

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the ... Read more

    Affected Products : teamcenter teamcenter_visualization
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40353

    A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incompl... Read more

    Affected Products : opensis
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40352

    OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.... Read more

    Affected Products : openemr
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40350

    webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the d... Read more

    Affected Products : dwu850-gs_firmware dwu850-gs
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293333 Results