Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-35300

    Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.... Read more

    Affected Products : zammad
    • EPSS Score: %0.22
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35299

    Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.... Read more

    Affected Products : zammad
    • EPSS Score: %0.32
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35298

    Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.... Read more

    Affected Products : zammad
    • EPSS Score: %0.21
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35297

    Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlle... Read more

    Affected Products : dbase_viewer
    • EPSS Score: %0.92
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35296

    An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.... Read more

    Affected Products : hg150-ub_firmware hg150-ub
    • EPSS Score: %0.40
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-35290

    File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.... Read more

    Affected Products : balero_cms
    • EPSS Score: %0.21
    • Published: Feb. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35283

    SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php.... Read more

    Affected Products : atoms183_cms
    • EPSS Score: %0.67
    • Published: Jul. 07, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35269

    NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.08
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35268

    In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.08
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35267

    NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.07
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35266

    In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.05
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35265

    A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.... Read more

    Affected Products : maxsite_cms
    • EPSS Score: %5.31
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35254

    SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.... Read more

    Affected Products : webhelpdesk
    • EPSS Score: %0.18
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35252

    Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.... Read more

    Affected Products : serv-u
    • EPSS Score: %0.15
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35251

    Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.... Read more

    Affected Products : web_help_desk
    • EPSS Score: %0.72
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35250

    A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.... Read more

    Affected Products : serv-u
    • EPSS Score: %91.92
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-35249

    This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This... Read more

    Affected Products : serv-u
    • EPSS Score: %0.06
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-35248

    It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.27
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35246

    The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for at... Read more

    Affected Products : engineer\'s_toolset
    • EPSS Score: %0.17
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-35245

    When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.... Read more

    Affected Products : windows serv-u
    • EPSS Score: %0.12
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291335 Results