Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-35240

    A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.... Read more

    Affected Products : internet_explorer orion_platform
    • EPSS Score: %0.16
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35239

    A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.16
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-35238

    User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.21
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.0

    MEDIUM
    CVE-2021-35237

    A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item,... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.21
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35236

    The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the coo... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.50
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35235

    The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The i... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %2.39
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35234

    Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.93
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35233

    The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that w... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.99
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-35232

    Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability ... Read more

    Affected Products : webhelpdesk web_help_desk
    • EPSS Score: %0.32
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-35231

    As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vuln... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.40
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-35230

    As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.... Read more

    Affected Products : kiwi_cattools
    • EPSS Score: %0.32
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-35229

    Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query... Read more

    • EPSS Score: %0.77
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-35228

    This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle a... Read more

    • EPSS Score: %0.92
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35227

    The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.... Read more

    Affected Products : access_rights_manager
    • EPSS Score: %0.71
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-35226

    An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. ... Read more

    Affected Products : network_configuration_manager
    • EPSS Score: %0.14
    • Published: Oct. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-35225

    Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and pote... Read more

    Affected Products : network_performance_monitor
    • EPSS Score: %1.70
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35223

    The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.... Read more

    Affected Products : serv-u
    • EPSS Score: %4.51
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-35222

    This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.66
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-35221

    Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.46
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-35220

    Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform
    • EPSS Score: %1.63
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results