Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-37421

    Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %8.91
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37420

    Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.... Read more

    Affected Products : manageengine_admanager_plus
    • EPSS Score: %1.00
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37419

    Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.... Read more

    Affected Products : manageengine_admanager_plus
    • EPSS Score: %7.71
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37417

    Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %18.58
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37416

    Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %7.00
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37414

    Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.... Read more

    Affected Products : manageengine_desktop_central
    • EPSS Score: %2.22
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37413

    GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content a... Read more

    Affected Products : dynweb
    • EPSS Score: %1.70
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37412

    The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.... Read more

    Affected Products : techradar
    • EPSS Score: %0.24
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37404

    There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3... Read more

    Affected Products : hadoop
    • EPSS Score: %0.70
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37403

    OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.49
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37402

    OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.44
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37401

    An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.... Read more

    • EPSS Score: %0.70
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37400

    An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.... Read more

    • EPSS Score: %0.70
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-37394

    In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.... Read more

    Affected Products : rpcms
    • EPSS Score: %0.42
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37393

    In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles publi... Read more

    Affected Products : rpcms
    • EPSS Score: %0.18
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37392

    In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the art... Read more

    Affected Products : rpcms
    • EPSS Score: %0.18
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37391

    A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side vi... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %0.56
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37390

    A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %0.33
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-37389

    Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.... Read more

    Affected Products : chamilo_lms chamilo
    • EPSS Score: %0.36
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37388

    A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.... Read more

    Affected Products : dir-615_firmware dir-615
    • EPSS Score: %3.43
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291783 Results