Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2021-36766

    Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is no...

    Affected Products: concrete_cms
    • EPSS Score: 1.54%
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36765

    In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system....

    Affected Products: ethernetip
    • EPSS Score: 0.31%
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36764

    In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition....

    Affected Products: gateway
    • EPSS Score: 0.34%
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36763

    In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties....

    • EPSS Score: 0.32%
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-36762

    An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might r...

    Affected Products: nichestack
    • EPSS Score: 0.34%
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-36761

    The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF....

    Affected Products: qlik_sense
    • EPSS Score: 0.47%
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-36760

    In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset proc...

    • EPSS Score: 1.28%
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-36758

    1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Malicious users authorized to create Secrets Automation access tokens can creat...

    Affected Products: connect
    • EPSS Score: 0.19%
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-36756

    CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation....

    Affected Products: cfengine
    • EPSS Score: 0.09%
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-36755

    Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header....

    Affected Products: cgm-remote-monitor
    • EPSS Score: 0.24%
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36754

    PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception....

    Affected Products: authoritative_server
    • EPSS Score: 20.56%
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-36753

    sharkdp BAT before 0.18.2 executes less.exe from the current working directory....

    Affected Products: bat
    • EPSS Score: 0.20%
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2021-36751

    ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation (without knowledge of the key). This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation....

    Affected Products: datavault
    • EPSS Score: 0.23%
    • Published: Jan. 02, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-36750

    ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names)....

    • EPSS Score: 24.52%
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-36749

    In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges ...

    Affected Products: druid
    • EPSS Score: 93.20%
    • Published: Sep. 24, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36748

    A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter....

    Affected Products: blog
    • EPSS Score: 82.98%
    • Published: Aug. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-36747

    Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form....

    Affected Products: blackboard_learn
    • EPSS Score: 0.21%
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-36746

    Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor....

    Affected Products: blackboard_learn
    • EPSS Score: 0.21%
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-36745

    A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentic...

    • EPSS Score: 18.72%
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-36744

    Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service....

    • EPSS Score: 0.23%
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024