Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2021-3040

    An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not im... Read more

    Affected Products : bridgecrew_checkov
    • EPSS Score: %3.38
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3039

    An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor... Read more

    Affected Products : prisma_cloud
    • EPSS Score: %0.18
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3038

    A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This ... Read more

    Affected Products : globalprotect
    • EPSS Score: %0.04
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-3037

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, ... Read more

    Affected Products : pan-os
    • EPSS Score: %0.16
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-3036

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only t... Read more

    Affected Products : pan-os
    • EPSS Score: %0.13
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-3035

    An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not imp... Read more

    Affected Products : bridgecrew_checkov
    • EPSS Score: %3.38
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.1

    MEDIUM
    CVE-2021-3034

    An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setu... Read more

    Affected Products : cortex_xsoar
    • EPSS Score: %0.07
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3033

    An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma C... Read more

    Affected Products : prisma_cloud
    • EPSS Score: %0.11
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-3032

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged i... Read more

    Affected Products : pan-os
    • EPSS Score: %0.10
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-3031

    Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random informa... Read more

    Affected Products : pan-os pa-200 pa-2020 pa-2050 pa-220 pa-3020 pa-3050 pa-3060 pa-3220 pa-3250 +4 more products
    • EPSS Score: %0.08
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3029

    EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerabil... Read more

    Affected Products : ecs_imaging
    • EPSS Score: %3.41
    • Published: Jan. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3028

    git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.... Read more

    Affected Products : git-big-picture
    • EPSS Score: %1.05
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3027

    app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.... Read more

    Affected Products : passhport
    • EPSS Score: %0.32
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3026

    Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.... Read more

    Affected Products : ips_community_suite
    • EPSS Score: %0.36
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3025

    Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).... Read more

    Affected Products : ips_community_suite
    • EPSS Score: %0.48
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3024

    HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.... Read more

    Affected Products : vault
    • EPSS Score: %0.45
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3022

    An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3021

    ISPConfig before 3.2.2 allows SQL injection.... Read more

    Affected Products : ispconfig
    • EPSS Score: %0.35
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3020

    An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root... Read more

    Affected Products : hawk
    • EPSS Score: %0.09
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3019

    ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.... Read more

    Affected Products : lanproxy
    • EPSS Score: %92.36
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292511 Results