Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-3341

    A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.... Read more

    Affected Products : dxenterprise dxodyssey
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3340

    A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php... Read more

    Affected Products : wikindx
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-3339

    ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.... Read more

    Affected Products : modernflow
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3337

    The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.... Read more

    Affected Products : hide_thread_content
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-3336

    DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-... Read more

    Affected Products : wolfssl
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3333

    Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they ... Read more

    Affected Products : open-audit
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3332

    WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.... Read more

    Affected Products : wps_hide_login
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3331

    WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// U... Read more

    Affected Products : winscp
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3330

    RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr... Read more

    Affected Products : zephyr
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-3329

    Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack... Read more

    Affected Products : zephyr
    • Published: Feb. 26, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3328

    An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application.... Read more

    Affected Products : abyss_web_server_x1
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3327

    Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.... Read more

    Affected Products : dynamic_content
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3325

    Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some ex... Read more

    Affected Products : fedora monitorix
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3323

    Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpx... Read more

    Affected Products : zephyr
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3322

    Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3... Read more

    Affected Products : zephyr
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3321

    Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHS... Read more

    Affected Products : zephyr
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3320

    Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7... Read more

    Affected Products : zephyr
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3319

    DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/... Read more

    Affected Products : zephyr
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3318

    attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.... Read more

    Affected Products : dzzoffice
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3317

    KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.... Read more

    Affected Products : klog_server
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292894 Results