Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2021-37144

    CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sa... Read more

    Affected Products : csz_cms
    • EPSS Score: %0.29
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37137

    The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. Thi... Read more

    • EPSS Score: %0.60
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37136

    The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME... Read more

    • EPSS Score: %0.23
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-37134

    Location-related APIs exists a Race Condition vulnerability.Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components.... Read more

    Affected Products : harmonyos
    • EPSS Score: %0.16
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-37132

    PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.... Read more

    Affected Products : harmonyos
    • EPSS Score: %0.08
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-37131

    There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some par... Read more

    • EPSS Score: %0.42
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37130

    There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory,... Read more

    Affected Products : fusioncube_firmware fusioncube
    • EPSS Score: %0.21
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37129

    There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service c... Read more

    • EPSS Score: %0.18
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37128

    HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file.... Read more

    Affected Products : harmonyos
    • EPSS Score: %0.34
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-37127

    There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the cor... Read more

    • EPSS Score: %0.10
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37126

    Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed.... Read more

    Affected Products : harmonyos
    • EPSS Score: %0.20
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37125

    Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected.... Read more

    Affected Products : harmonyos
    • EPSS Score: %0.15
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37124

    There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow t... Read more

    Affected Products : pcmanager pc_smart_full_scene
    • EPSS Score: %0.04
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37123

    There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allo... Read more

    Affected Products : hero-ct060_firmware hero-ct060
    • EPSS Score: %0.18
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37122

    There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10... Read more

    • EPSS Score: %0.06
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37121

    There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.... Read more

    Affected Products : emui magic_ui
    • EPSS Score: %0.24
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-37120

    There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.... Read more

    Affected Products : emui magic_ui
    • EPSS Score: %0.26
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37119

    There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.... Read more

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.22
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-37118

    The HwNearbyMain module has a Improper Handling of Exceptional Conditions vulnerability.Successful exploitation of this vulnerability may lead to message leak.... Read more

    Affected Products : harmonyos
    • EPSS Score: %0.11
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37117

    There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.... Read more

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.22
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results