Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2021-38576

    A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

    Affected Products: edk2
    • EPSS Score: 0.18%
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-38575

    NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

    Affected Products: edk_ii edk2 kernel
    • EPSS Score: 0.51%
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38574

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.

    Affected Products: foxit_reader phantompdf
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38573

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.

    Affected Products: foxit_reader phantompdf
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38572

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.

    Affected Products: foxit_reader phantompdf
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-38571

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

    Affected Products: foxit_reader phantompdf windows
    • EPSS Score: 0.03%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-38570

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.

    Affected Products: foxit_reader phantompdf
    • EPSS Score: 0.04%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38569

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

    Affected Products: foxit_reader phantompdf
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38568

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.

    Affected Products: foxit_reader phantompdf
    • EPSS Score: 0.03%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38567

    An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204.

    Affected Products: pdf_reader pdf_editor
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38566

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes.

    Affected Products: pdf_editor pdf_reader
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38565

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm.

    Affected Products: pdf_editor pdf_reader
    • EPSS Score: 0.01%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-38564

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand.

    Affected Products: pdf_editor pdf_reader
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38563

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorre...

    Affected Products: pdf_reader pdf_editor
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-38562

    Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

    Affected Products: fedora debian_linux request_tracker
    • EPSS Score: 0.13%
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-38560

    Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.

    Affected Products: service_manager
    • EPSS Score: 1.55%
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-38559

    DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.

    Affected Products: hoteldruid
    • EPSS Score: 0.25%
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-38557

    raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also over...

    Affected Products: raspap
    • EPSS Score: 0.73%
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-38556

    includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.

    Affected Products: raspap
    • EPSS Score: 18.64%
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-38555

    An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker t...

    Affected Products: any23
    • EPSS Score: 1.27%
    • Published: Sep. 11, 2021
    • Modified: Nov. 21, 2024