Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-38138

    OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned f... Read more

    Affected Products : onenav onenav
    • EPSS Score: %0.35
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-38137

    Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.... Read more

    Affected Products : securewatch_managed_services
    • EPSS Score: %0.21
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-38136

    Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host.... Read more

    Affected Products : securewatch_managed_services
    • EPSS Score: %0.38
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-38130

    A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.... Read more

    Affected Products : voltage_securemail
    • EPSS Score: %0.26
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-38129

    Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Ope... Read more

    Affected Products : operations_agent
    • EPSS Score: %0.05
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38127

    Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).... Read more

    • EPSS Score: %0.24
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38126

    Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).... Read more

    • EPSS Score: %0.24
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38125

    Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulner... Read more

    Affected Products : operations_bridge
    • EPSS Score: %1.66
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38124

    Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.... Read more

    • EPSS Score: %2.10
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38123

    Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after auth... Read more

    Affected Products : network_automation
    • EPSS Score: %0.23
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-38115

    read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.... Read more

    Affected Products : libgd
    • EPSS Score: %0.29
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38114

    libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.... Read more

    Affected Products : debian_linux ffmpeg
    • EPSS Score: %0.11
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38113

    In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.... Read more

    Affected Products : openwebif
    • EPSS Score: %0.17
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-38112

    In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.... Read more

    Affected Products : aws_workspaces
    • EPSS Score: %28.52
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38110

    Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of t... Read more

    Affected Products : wordperfect_2020
    • EPSS Score: %0.37
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38109

    Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Explo... Read more

    Affected Products : coreldraw_2020 coreldraw
    • EPSS Score: %0.24
    • Published: Oct. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38108

    Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of t... Read more

    Affected Products : wordperfect_2020
    • EPSS Score: %0.24
    • Published: Oct. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38107

    CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the curr... Read more

    Affected Products : coreldraw_2020 coreldraw
    • EPSS Score: %0.24
    • Published: Oct. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38106

    UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the curr... Read more

    Affected Products : presentations_2020
    • EPSS Score: %0.24
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38105

    IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the curr... Read more

    Affected Products : presentations_2020
    • EPSS Score: %0.24
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results