Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-37604

    In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may incremen... Read more

    Affected Products : miwi
    • EPSS Score: %0.48
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37601

    muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.... Read more

    Affected Products : prosody
    • EPSS Score: %0.67
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37600

    An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library env... Read more

    • EPSS Score: %0.04
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37599

    The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword paramete... Read more

    Affected Products : winscribe_dictation
    • EPSS Score: %8.15
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-37598

    WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.... Read more

    Affected Products : wp_cerber
    • EPSS Score: %0.25
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37597

    WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.... Read more

    Affected Products : wp_cerber
    • EPSS Score: %0.80
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37596

    Telegram Web K Alpha 0.6.1 allows XSS via a document name.... Read more

    Affected Products : web_k_alpha
    • EPSS Score: %0.22
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37595

    In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.... Read more

    Affected Products : windows freerdp freerdp
    • EPSS Score: %0.42
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37594

    In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.... Read more

    Affected Products : windows freerdp freerdp
    • EPSS Score: %0.42
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-37593

    PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensi... Read more

    Affected Products : peel_shopping
    • EPSS Score: %0.70
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37592

    Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.... Read more

    Affected Products : suricata
    • EPSS Score: %0.18
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37589

    Virtua Cobranca before 12R allows SQL Injection on the login page.... Read more

    Affected Products : cobranca
    • EPSS Score: %63.36
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-37588

    In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.... Read more

    Affected Products : charm
    • EPSS Score: %0.19
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37587

    In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.... Read more

    Affected Products : charm
    • EPSS Score: %0.18
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-37586

    The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.... Read more

    Affected Products : interaction_recording
    • EPSS Score: %0.26
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37584

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software... Read more

    • EPSS Score: %0.55
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37583

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).... Read more

    • EPSS Score: %0.60
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37580

    A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0... Read more

    Affected Products : shenyu
    • EPSS Score: %93.99
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37579

    The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reaching... Read more

    Affected Products : dubbo
    • EPSS Score: %4.56
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37578

    Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI inv... Read more

    Affected Products : juddi
    • EPSS Score: %1.58
    • Published: Jul. 29, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results