Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-37597

    WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.... Read more

    Affected Products : wp_cerber
    • EPSS Score: %0.80
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37596

    Telegram Web K Alpha 0.6.1 allows XSS via a document name.... Read more

    Affected Products : web_k_alpha
    • EPSS Score: %0.22
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37595

    In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.... Read more

    Affected Products : windows freerdp freerdp
    • EPSS Score: %0.42
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37594

    In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.... Read more

    Affected Products : windows freerdp freerdp
    • EPSS Score: %0.42
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-37593

    PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensi... Read more

    Affected Products : peel_shopping
    • EPSS Score: %0.70
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37592

    Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.... Read more

    Affected Products : suricata
    • EPSS Score: %0.18
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37589

    Virtua Cobranca before 12R allows SQL Injection on the login page.... Read more

    Affected Products : cobranca
    • EPSS Score: %63.36
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-37588

    In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.... Read more

    Affected Products : charm
    • EPSS Score: %0.19
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37587

    In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.... Read more

    Affected Products : charm
    • EPSS Score: %0.18
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-37586

    The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.... Read more

    Affected Products : interaction_recording
    • EPSS Score: %0.26
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37584

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software... Read more

    • EPSS Score: %0.55
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37583

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).... Read more

    • EPSS Score: %0.60
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37580

    A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0... Read more

    Affected Products : shenyu
    • EPSS Score: %93.99
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37579

    The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reaching... Read more

    Affected Products : dubbo
    • EPSS Score: %4.56
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37578

    Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI inv... Read more

    Affected Products : juddi
    • EPSS Score: %1.58
    • Published: Jul. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-37576

    arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.... Read more

    Affected Products : linux_kernel fedora
    • EPSS Score: %0.02
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37573

    A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page... Read more

    Affected Products : tiny_java_web_server
    • EPSS Score: %15.16
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-37572

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Missing authorization).... Read more

    • EPSS Score: %0.52
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37571

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).... Read more

    • EPSS Score: %0.55
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-37570

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).... Read more

    • EPSS Score: %0.61
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results