Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-3113

    Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in w... Read more

    Affected Products : seba\+
    • Published: Jan. 17, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-3111

    The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.... Read more

    Affected Products : concrete_cms
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3110

    The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.... Read more

    Affected Products : prestashop
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-3109

    The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.... Read more

    Affected Products : orion_platform
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3101

    Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container.... Read more

    Affected Products : hotdog
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3100

    The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.... Read more

    Affected Products : linux_kernel log4jhotpatch
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3064

    A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The ... Read more

    Affected Products : pan-os prisma_access
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3063

    An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface ... Read more

    Affected Products : pan-os prisma_access
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3062

    An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of ... Read more

    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-3061

    An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versi... Read more

    Affected Products : pan-os prisma_access
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-3060

    An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with roo... Read more

    Affected Products : pan-os prisma_access
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-3059

    An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue... Read more

    Affected Products : pan-os prisma_access
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-3058

    An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1... Read more

    Affected Products : pan-os prisma_access
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-3057

    A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalP... Read more

    Affected Products : globalprotect
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3056

    A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier t... Read more

    Affected Products : pan-os prisma_access
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3055

    An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to t... Read more

    Affected Products : pan-os
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2021-3054

    A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue im... Read more

    Affected Products : pan-os
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3053

    An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to cras... Read more

    Affected Products : pan-os
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-3052

    A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arb... Read more

    Affected Products : pan-os
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-3051

    An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perf... Read more

    Affected Products : cortex_xsoar
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292835 Results