Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-37331

    Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.... Read more

    Affected Products : booking_core
    • EPSS Score: %0.21
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37330

    Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and c... Read more

    Affected Products : booking_core
    • EPSS Score: %0.21
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-37326

    NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.... Read more

    Affected Products : xshell
    • EPSS Score: %0.24
    • Published: Aug. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-37322

    GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.... Read more

    Affected Products : binutils gcc
    • EPSS Score: %0.16
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37293

    A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.... Read more

    Affected Products : 4st_l-bems
    • EPSS Score: %0.45
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-37292

    An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.... Read more

    Affected Products : 4st_l-bems
    • EPSS Score: %1.71
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37291

    An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.... Read more

    Affected Products : 4st_l-bems
    • EPSS Score: %0.58
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-37289

    Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.... Read more

    Affected Products : mzk-dp150n_firmware mzk-dp150n
    • EPSS Score: %0.46
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-37274

    Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.... Read more

    Affected Products : kis_cloud
    • EPSS Score: %0.33
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-37273

    A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times.... Read more

    • EPSS Score: %0.30
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37271

    Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.... Read more

    Affected Products : ueditor
    • EPSS Score: %0.21
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-37270

    There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background admini... Read more

    • EPSS Score: %0.26
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37267

    Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.... Read more

    Affected Products : kindeditor
    • EPSS Score: %0.24
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37262

    JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.... Read more

    Affected Products : jfinal_cms
    • EPSS Score: %0.37
    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37254

    In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.... Read more

    Affected Products : m-files_server m-files_web m-files
    • EPSS Score: %0.32
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-37253

    M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibi... Read more

    Affected Products : m-files_server m-files_web m-files
    • EPSS Score: %3.12
    • Published: Dec. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37232

    A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.... Read more

    Affected Products : atomicparsley
    • EPSS Score: %0.59
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37231

    A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.... Read more

    Affected Products : atomicparsley
    • EPSS Score: %0.34
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37223

    Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of ... Read more

    Affected Products : nagios_xi
    • EPSS Score: %0.68
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37222

    Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.... Read more

    Affected Products : rcdcap
    • EPSS Score: %0.88
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291641 Results