Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-38156

    In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %86.03
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38155

    OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authen... Read more

    Affected Products : keystone
    • EPSS Score: %0.86
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38154

    Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive inf... Read more

    Affected Products : -
    • EPSS Score: %0.70
    • Published: Aug. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-38153

    Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or ... Read more

    • EPSS Score: %0.94
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38152

    index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.... Read more

    Affected Products : patient_management_system
    • EPSS Score: %0.44
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38151

    index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.... Read more

    Affected Products : patient_management_system
    • EPSS Score: %0.21
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38149

    index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.... Read more

    Affected Products : patient_management_system
    • EPSS Score: %0.16
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38148

    Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs.... Read more

    Affected Products : obsidian
    • EPSS Score: %0.50
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38147

    Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_... Read more

    Affected Products : holmes
    • EPSS Score: %63.25
    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38146

    The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.... Read more

    Affected Products : holmes
    • EPSS Score: %45.09
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38145

    An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&exp... Read more

    Affected Products : core
    • EPSS Score: %2.77
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38144

    An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when a viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS].... Read more

    Affected Products : core
    • EPSS Score: %0.41
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38143

    An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertio... Read more

    Affected Products : core
    • EPSS Score: %1.07
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-38142

    Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgr... Read more

    Affected Products : mirrorop_windows_sender
    • EPSS Score: %0.09
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38140

    The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().... Read more

    Affected Products : set_user
    • EPSS Score: %0.36
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38138

    OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned f... Read more

    Affected Products : onenav onenav
    • EPSS Score: %0.35
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-38137

    Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.... Read more

    Affected Products : securewatch_managed_services
    • EPSS Score: %0.21
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-38136

    Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host.... Read more

    Affected Products : securewatch_managed_services
    • EPSS Score: %0.38
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-38130

    A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.... Read more

    Affected Products : voltage_securemail
    • EPSS Score: %0.26
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-38129

    Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Ope... Read more

    Affected Products : operations_agent
    • EPSS Score: %0.05
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results