Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-36373

    When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to ... Read more

    • EPSS Score: %0.13
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36372

    In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.... Read more

    Affected Products : ozone
    • EPSS Score: %0.63
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-36371

    Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists tha... Read more

    Affected Products : emissary-ingress
    • EPSS Score: %0.07
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36370

    An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.... Read more

    Affected Products : midnight_commander
    • EPSS Score: %0.51
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2021-36368

    An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user c... Read more

    Affected Products : debian_linux openssh
    • EPSS Score: %0.28
    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-36367

    PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker ca... Read more

    Affected Products : putty
    • EPSS Score: %0.14
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36366

    Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %10.90
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36365

    Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %1.00
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36364

    Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %10.90
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36363

    Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %1.00
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-36359

    OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This... Read more

    Affected Products : bscw_classic
    • EPSS Score: %4.88
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36357

    An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp chec... Read more

    Affected Products : skiboot
    • EPSS Score: %0.20
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-36356

    KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this is... Read more

    Affected Products : viaware
    • EPSS Score: %90.24
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36352

    Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_ma... Read more

    Affected Products : hospital_information_management
    • EPSS Score: %0.18
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36351

    SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.... Read more

    • EPSS Score: %0.48
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36350

    Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authent... Read more

    Affected Products : powerscale_onefs
    • EPSS Score: %0.39
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-36349

    Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.... Read more

    • EPSS Score: %0.13
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-36348

    iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially ... Read more

    • EPSS Score: %0.42
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-36347

    iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process executio... Read more

    • EPSS Score: %1.77
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-36346

    Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.... Read more

    • EPSS Score: %1.22
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291608 Results