Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-36740

    Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before ... Read more

    • EPSS Score: %0.13
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36738

    The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact... Read more

    Affected Products : pluto jetspeed
    • EPSS Score: %15.93
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36737

    The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact... Read more

    Affected Products : pluto jetspeed
    • EPSS Score: %15.93
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36724

    ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override ... Read more

    Affected Products : secureconnector
    • EPSS Score: %0.04
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36723

    Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service.... Read more

    Affected Products : emuse_-_eservices_\/_envoice
    • EPSS Score: %0.21
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-36722

    Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Senset... Read more

    Affected Products : emuse_-_eservices_\/_envoice
    • EPSS Score: %0.19
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-36721

    Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.... Read more

    Affected Products : application_programming_interface
    • EPSS Score: %0.15
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36720

    PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies .... Read more

    Affected Products : mail_secure
    • EPSS Score: %0.24
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-36719

    PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code.... Read more

    Affected Products : mail_secure mail_secure
    • EPSS Score: %0.40
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-36718

    SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Working hours etc') The vulnerabilety has been addressed an... Read more

    Affected Products : eharmonynew synel_reports
    • EPSS Score: %0.18
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36717

    Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could... Read more

    Affected Products : timenet
    • EPSS Score: %0.25
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36716

    A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amoun... Read more

    Affected Products : is-email
    • EPSS Score: %0.47
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36711

    WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.... Read more

    Affected Products : octobot
    • EPSS Score: %49.54
    • Published: Jul. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-36710

    ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0.... Read more

    Affected Products : toaruos
    • EPSS Score: %0.05
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36708

    In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.... Read more

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %0.29
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36707

    In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.... Read more

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %11.79
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36706

    In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system.... Read more

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %11.79
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36705

    In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.... Read more

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %11.79
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36703

    The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary we... Read more

    Affected Products : htmly
    • EPSS Score: %0.22
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36702

    The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inje... Read more

    Affected Products : htmly
    • EPSS Score: %0.20
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results