Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-37848

    common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.... Read more

    Affected Products : barebox
    • EPSS Score: %0.32
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37847

    crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.... Read more

    Affected Products : barebox
    • EPSS Score: %0.32
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37843

    The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6... Read more

    Affected Products : saml_single_sign_on
    • EPSS Score: %0.91
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37842

    metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, whi... Read more

    Affected Products : couchbase_server
    • EPSS Score: %0.16
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-37841

    Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. T... Read more

    Affected Products : desktop
    • EPSS Score: %0.09
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-37840

    aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browse... Read more

    Affected Products : aapanel
    • EPSS Score: %0.40
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-37839

    Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.... Read more

    Affected Products : superset
    • EPSS Score: %0.18
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37833

    A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.... Read more

    Affected Products : hoteldruid
    • EPSS Score: %5.43
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37832

    A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.... Read more

    Affected Products : hoteldruid
    • EPSS Score: %13.08
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37819

    PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.... Read more

    Affected Products : pdftk-java
    • EPSS Score: %0.11
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-37808

    SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vu... Read more

    Affected Products : news_portal news_portal
    • EPSS Score: %0.40
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37807

    An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database.... Read more

    • EPSS Score: %0.25
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-37806

    An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for ... Read more

    Affected Products : vehicle_parking_management_system
    • EPSS Score: %0.40
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37805

    A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint.... Read more

    Affected Products : vehicle_parking_management_system
    • EPSS Score: %0.18
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37803

    An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php .... Read more

    • EPSS Score: %0.32
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37794

    A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator ... Read more

    Affected Products : filebrowser
    • EPSS Score: %0.28
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-37791

    MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.... Read more

    Affected Products : myadmin
    • EPSS Score: %0.36
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37788

    A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP re... Read more

    Affected Products : testrail
    • EPSS Score: %0.24
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2021-37786

    Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certifi... Read more

    Affected Products : covid_certificate
    • EPSS Score: %0.03
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37778

    There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution.... Read more

    Affected Products : gps-sdr-sim
    • EPSS Score: %1.21
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291737 Results