Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-37457

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.21
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37456

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37455

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37454

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37453

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37452

    NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.... Read more

    Affected Products : quorum
    • EPSS Score: %0.02
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37451

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37450

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37449

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37448

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %0.21
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-37447

    In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.... Read more

    Affected Products : quorum
    • EPSS Score: %0.84
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-37446

    In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.... Read more

    Affected Products : quorum
    • EPSS Score: %0.22
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37445

    In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.... Read more

    Affected Products : quorum
    • EPSS Score: %0.69
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-37444

    NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Messa... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %1.16
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-37443

    NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %0.44
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37442

    NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %0.34
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-37441

    NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.50
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37440

    NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.23
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37439

    NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.... Read more

    Affected Products : flexiserver
    • EPSS Score: %0.38
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2021-37436

    Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor ma... Read more

    Affected Products : echo_dot_firmware echo_dot
    • EPSS Score: %0.09
    • Published: Jul. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results