Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-37354

    Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

    Affected Products : phaser_4622_firmware phaser_4622
    • EPSS Score: 0.47%
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37353

    Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.

    Affected Products : nagios_xi_docker_wizard
    • EPSS Score: 2.36%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-37352

    An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.

    Affected Products : nagios_xi
    • EPSS Score: 3.25%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-37351

    Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.

    Affected Products : nagios_xi
    • EPSS Score: 0.58%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37350

    Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.

    Affected Products : nagios_xi
    • EPSS Score: 47.52%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-37349

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.

    Affected Products : nagios_xi
    • EPSS Score: 0.16%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-37348

    Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.

    Affected Products : nagios_xi
    • EPSS Score: 11.69%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-37347

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

    Affected Products : nagios_xi
    • EPSS Score: 0.08%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37346

    Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).

    Affected Products : nagios_xi_watchguard_wizard
    • EPSS Score: 51.15%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-37345

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.

    Affected Products : nagios_xi
    • EPSS Score: 0.08%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37344

    Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).

    Affected Products : nagios_xi_switch_wizard
    • EPSS Score: 53.60%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-37343

    A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

    Affected Products : nagios_xi
    • EPSS Score: 80.42%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37334

    Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performe...

    Affected Products : forms umbracoforms
    • EPSS Score: 1.20%
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37333

    Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.

    Affected Products : booking_core
    • EPSS Score: 0.38%
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-37331

    Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.

    Affected Products : booking_core
    • EPSS Score: 0.21%
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-37330

    Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains JavaScript. Now if another user/admin views the profile and c...

    Affected Products : booking_core
    • EPSS Score: 0.21%
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-37326

    NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.

    Affected Products : xshell
    • EPSS Score: 0.24%
    • Published: Aug. 15, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-37322

    GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

    Affected Products : binutils gcc
    • EPSS Score: 0.16%
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-37293

    A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.

    Affected Products : 4st_l-bems
    • EPSS Score: 0.45%
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-37292

    An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with admin highest privileges and obtain system control.

    Affected Products : 4st_l-bems
    • EPSS Score: 1.71%
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024