Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-35458

    Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter.... Read more

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.61
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35456

    Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload... Read more

    Affected Products : online_pet_shop_web_application
    • EPSS Score: %0.82
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-35452

    An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.12
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35451

    In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.... Read more

    Affected Products : pcoip_management_console
    • EPSS Score: %0.53
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-35450

    A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute... Read more

    Affected Products : admin_console
    • EPSS Score: %0.77
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35449

    The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the drive... Read more

    • EPSS Score: %13.29
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35448

    Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.... Read more

    Affected Products : windows emote_interactive_studio
    • EPSS Score: %0.37
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35440

    Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environme... Read more

    Affected Products : smashing
    • EPSS Score: %0.72
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35438

    phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.... Read more

    Affected Products : phpipam
    • EPSS Score: %0.45
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35437

    SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class.... Read more

    Affected Products : lmxcms
    • EPSS Score: %0.08
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-35415

    A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %0.61
    • Published: Dec. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35414

    Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %2.20
    • Published: Dec. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35413

    A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %3.24
    • Published: Dec. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35397

    A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacke... Read more

    Affected Products : drogon
    • EPSS Score: %2.94
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-35391

    Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL.... Read more

    Affected Products : deskpro
    • EPSS Score: %0.06
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35380

    A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to d... Read more

    Affected Products : termtalk_server
    • EPSS Score: %73.49
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35377

    Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.... Read more

    Affected Products : vicidial
    • EPSS Score: %0.38
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35368

    OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.... Read more

    • EPSS Score: %0.24
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-35361

    A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.... Read more

    Affected Products : dotcms
    • EPSS Score: %0.39
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-35360

    A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.... Read more

    Affected Products : dotcms
    • EPSS Score: %0.36
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291335 Results