Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2021-38621

    The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.... Read more

    Affected Products : flat_server
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38619

    openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/... Read more

    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38614

    Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... Read more

    Affected Products : polipo
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38613

    The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.... Read more

    Affected Products : remkon_device_manager
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38612

    In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.... Read more

    Affected Products : remkon_device_manager
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38611

    A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.... Read more

    Affected Products : remkon_device_manager
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38608

    Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent.... Read more

    Affected Products : wapt
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38607

    Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.... Read more

    Affected Products : jetengine
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38606

    reNgine through 0.5 relies on a predictable directory name.... Read more

    Affected Products : rengine rengine
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-38603

    PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.... Read more

    Affected Products : pluxml
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-38602

    PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.... Read more

    Affected Products : pluxml
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38599

    WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise viol... Read more

    Affected Products : wal-g
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-38598

    OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server ... Read more

    Affected Products : neutron smart_vms
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-38597

    wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.... Read more

    Affected Products : wolfssl
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38593

    Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).... Read more

    Affected Products : fedora qt
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38592

    Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).... Read more

    Affected Products : wasm3
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-38591

    An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).... Read more

    Affected Products : android
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38590

    In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).... Read more

    Affected Products : cpanel
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-38589

    In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).... Read more

    Affected Products : cpanel
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-38588

    In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).... Read more

    Affected Products : cpanel
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results