Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-38407

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute c... Read more

    Affected Products : dialink
    • EPSS Score: %0.29
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38405

    The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.... Read more

    Affected Products : jt2go teamcenter_visualization
    • EPSS Score: %0.08
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38404

    Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in t... Read more

    Affected Products : dopsoft
    • EPSS Score: %0.68
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38403

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely e... Read more

    Affected Products : dialink
    • EPSS Score: %0.29
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38402

    Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An att... Read more

    Affected Products : dopsoft
    • EPSS Score: %1.98
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38401

    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.... Read more

    • EPSS Score: %0.22
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2021-38400

    An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.... Read more

    • EPSS Score: %0.02
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38399

    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.... Read more

    • EPSS Score: %0.18
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-38398

    The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-38397

    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.... Read more

    • EPSS Score: %0.12
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-38396

    The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.... Read more

    • EPSS Score: %0.02
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38395

    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.... Read more

    • EPSS Score: %0.14
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2021-38394

    An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings ... Read more

    • EPSS Score: %0.04
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38393

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agi... Read more

    Affected Products : diaenergie
    • EPSS Score: %1.65
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2021-38392

    A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.... Read more

    • EPSS Score: %0.04
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38391

    A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type be... Read more

    Affected Products : diaenergie
    • EPSS Score: %1.07
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38390

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egy... Read more

    Affected Products : diaenergie
    • EPSS Score: %1.65
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38389

    Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.... Read more

    Affected Products : webaccess
    • EPSS Score: %1.06
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38387

    In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.... Read more

    Affected Products : contiki contiki-os
    • EPSS Score: %0.33
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38386

    In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.... Read more

    Affected Products : contiki contiki-os
    • EPSS Score: %0.60
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291820 Results