Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-38424

    The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38423

    All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.... Read more

    Affected Products : gurumdds
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38422

    Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38421

    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.... Read more

    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38420

    Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38419

    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.... Read more

    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-38418

    Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38416

    Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed.... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38415

    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.... Read more

    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38413

    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.... Read more

    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38412

    Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service... Read more

    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38411

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to ... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38409

    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.... Read more

    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38408

    A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.... Read more

    Affected Products : webaccess
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38407

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute c... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38405

    The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.... Read more

    Affected Products : jt2go teamcenter_visualization
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38404

    Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in t... Read more

    Affected Products : dopsoft
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38403

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely e... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38402

    Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An att... Read more

    Affected Products : dopsoft
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-38401

    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.... Read more

    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292787 Results