Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-38169

    Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.... Read more

    Affected Products : roxy-wi
    • EPSS Score: %3.15
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-38168

    Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers.... Read more

    Affected Products : roxy-wi
    • EPSS Score: %0.32
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38167

    Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication.... Read more

    Affected Products : roxy-wi
    • EPSS Score: %1.05
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38166

    In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.... Read more

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.10
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-38165

    Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.... Read more

    Affected Products : fedora debian_linux lynx
    • EPSS Score: %2.89
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38164

    SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that... Read more

    Affected Products : erp_financial_accounting
    • EPSS Score: %0.13
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2021-38162

    SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over ... Read more

    Affected Products : web_dispatcher
    • EPSS Score: %0.83
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-38161

    Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.... Read more

    Affected Products : debian_linux traffic_server
    • EPSS Score: %1.55
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38159

    In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MyS... Read more

    Affected Products : moveit_transfer
    • EPSS Score: %3.42
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38157

    LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... Read more

    Affected Products : connection_broker
    • EPSS Score: %0.50
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38156

    In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %86.03
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38155

    OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authen... Read more

    Affected Products : keystone
    • EPSS Score: %0.86
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38154

    Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive inf... Read more

    Affected Products : -
    • EPSS Score: %0.70
    • Published: Aug. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-38153

    Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or ... Read more

    • EPSS Score: %0.94
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38152

    index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.... Read more

    Affected Products : patient_management_system
    • EPSS Score: %0.44
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38151

    index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.... Read more

    Affected Products : patient_management_system
    • EPSS Score: %0.21
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38149

    index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.... Read more

    Affected Products : patient_management_system
    • EPSS Score: %0.16
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38148

    Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs.... Read more

    Affected Products : obsidian
    • EPSS Score: %0.50
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38147

    Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_... Read more

    Affected Products : holmes
    • EPSS Score: %63.25
    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38146

    The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.... Read more

    Affected Products : holmes
    • EPSS Score: %45.09
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291806 Results