Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-3285

    jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.... Read more

    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3283

    HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.... Read more

    Affected Products : nomad
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3282

    HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.... Read more

    Affected Products : vault
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3281

    In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths wit... Read more

    Affected Products : fedora snapcenter django
    • Published: Feb. 02, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3279

    sz.chat version 4 allows injection of web scripts and HTML in the message box.... Read more

    Affected Products : szchat
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3278

    Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.... Read more

    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-3277

    Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.... Read more

    Affected Products : nagios_xi
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3275

    Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Arche... Read more

    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-3273

    Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3272

    jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.... Read more

    Affected Products : fedora jasper
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-3271

    PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.... Read more

    Affected Products : pressbooks
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-3264

    SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.... Read more

    Affected Products : cxuucms
    • Published: Aug. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3262

    TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into t... Read more

    Affected Products : novusedu veo_transportation
    • Published: Aug. 29, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3258

    Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.... Read more

    Affected Products : q2a_ultimate_seo
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3256

    KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.... Read more

    Affected Products : kuaifancms
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3254

    Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.... Read more

    Affected Products : dsl-n14u-b1_firmware dsl-n14u-b1
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3252

    KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, w... Read more

    Affected Products : xp100u_firmware xp100u
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3246

    A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.... Read more

    Affected Products : fedora debian_linux libsndfile
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3243

    Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-ru... Read more

    Affected Products : wfilter_internet_content_filter
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3242

    DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.... Read more

    Affected Products : duxcms
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results