Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-36706

    In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system.... Read more

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %11.79
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36705

    In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.... Read more

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %11.79
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36703

    The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary we... Read more

    Affected Products : htmly
    • EPSS Score: %0.22
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36702

    The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inje... Read more

    Affected Products : htmly
    • EPSS Score: %0.20
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-36701

    In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host.... Read more

    Affected Products : htmly
    • EPSS Score: %0.87
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36698

    Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.... Read more

    Affected Products : pandora_fms
    • EPSS Score: %0.63
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-36697

    With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" an... Read more

    Affected Products : pandora_fms
    • EPSS Score: %0.24
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36696

    Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation.... Read more

    Affected Products : deskpro
    • EPSS Score: %0.21
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36695

    Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation.... Read more

    Affected Products : deskpro
    • EPSS Score: %0.21
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-36692

    libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.... Read more

    Affected Products : libjxl
    • EPSS Score: %0.31
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36691

    libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.... Read more

    Affected Products : libjxl
    • EPSS Score: %0.30
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36690

    A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has ful... Read more

    • EPSS Score: %0.98
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-36689

    An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 dig... Read more

    Affected Products : samourai-wallet-android
    • EPSS Score: %0.03
    • Published: Mar. 04, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-36668

    URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.... Read more

    Affected Products : insync_client
    • EPSS Score: %0.22
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-36667

    Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.... Read more

    Affected Products : insync_client
    • EPSS Score: %1.07
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-36666

    An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.... Read more

    Affected Products : insync_client
    • EPSS Score: %0.05
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-36665

    An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.... Read more

    Affected Products : insync_client
    • EPSS Score: %0.17
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36654

    CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.... Read more

    Affected Products : cmsuno
    • EPSS Score: %2.60
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36646

    A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page.... Read more

    Affected Products : kodexplorer
    • EPSS Score: %2.14
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-36625

    An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %0.26
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291647 Results