Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2021-37443

    NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.

    Affected Products : ivm_attendant
    • EPSS Score: 0.44%
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-37442

    NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.

    Affected Products : ivm_attendant
    • EPSS Score: 0.34%
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-37441

    NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.

    Affected Products : axon_pbx
    • EPSS Score: 0.50%
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-37440

    NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.

    Affected Products : axon_pbx
    • EPSS Score: 0.23%
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-37439

    NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.

    Affected Products : flexiserver
    • EPSS Score: 0.38%
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024
  • 4.2

    MEDIUM
    CVE-2021-37436

    Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor ma...

    Affected Products : echo_dot_firmware echo_dot
    • EPSS Score: 0.09%
    • Published: Jul. 24, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-37425

    Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.

    Affected Products : mobiletogether_server
    • EPSS Score: 7.52%
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37424

    ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.

    Affected Products : manageengine_admanager_plus
    • EPSS Score: 12.32%
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37423

    Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: 2.45%
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37422

    Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: 36.35%
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37421

    Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: 8.91%
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-37420

    Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.

    Affected Products : manageengine_admanager_plus
    • EPSS Score: 1.00%
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-37419

    Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.

    Affected Products : manageengine_admanager_plus
    • EPSS Score: 7.71%
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37417

    Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: 18.58%
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-37416

    Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: 7.00%
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-37414

    Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.

    Affected Products : manageengine_desktop_central
    • EPSS Score: 2.22%
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37413

    GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content a...

    Affected Products : dynweb
    • EPSS Score: 1.70%
    • Published: May 19, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-37412

    The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.

    Affected Products : techradar
    • EPSS Score: 0.24%
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37404

    There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3...

    Affected Products : hadoop
    • EPSS Score: 0.70%
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-37403

    OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.

    Affected Products : open-xchange_appsuite
    • EPSS Score: 0.49%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291659 Results