Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-36382

    Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).... Read more

    Affected Products : devolutions_server
    • EPSS Score: %0.13
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-36381

    In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application.... Read more

    Affected Products : transaction_management
    • EPSS Score: %0.66
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-36380

    Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.... Read more

    Affected Products : sureline
    • Actively Exploited
    • EPSS Score: %94.27
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36377

    Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.... Read more

    Affected Products : fedora fossil
    • EPSS Score: %0.10
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-36376

    dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.... Read more

    Affected Products : windows delta
    • EPSS Score: %0.08
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-36374

    When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commo... Read more

    • EPSS Score: %0.17
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-36373

    When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to ... Read more

    • EPSS Score: %0.13
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36372

    In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.... Read more

    Affected Products : ozone
    • EPSS Score: %0.63
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-36371

    Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists tha... Read more

    Affected Products : emissary-ingress
    • EPSS Score: %0.07
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36370

    An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.... Read more

    Affected Products : midnight_commander
    • EPSS Score: %0.51
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2021-36368

    An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user c... Read more

    Affected Products : debian_linux openssh
    • EPSS Score: %0.28
    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-36367

    PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker ca... Read more

    Affected Products : putty
    • EPSS Score: %0.14
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36366

    Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %10.90
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36365

    Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %1.00
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36364

    Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %10.90
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36363

    Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %1.00
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-36359

    OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This... Read more

    Affected Products : bscw_classic
    • EPSS Score: %4.88
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36357

    An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp chec... Read more

    Affected Products : skiboot
    • EPSS Score: %0.20
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-36356

    KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this is... Read more

    Affected Products : viaware
    • EPSS Score: %90.24
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36352

    Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_ma... Read more

    Affected Products : hospital_information_management
    • EPSS Score: %0.18
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291634 Results