Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-35488

    Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user brows... Read more

    Affected Products : thruk
    • EPSS Score: %16.44
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-35487

    Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows... Read more

    Affected Products : broadcast_message_center
    • EPSS Score: %0.64
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35482

    An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation sy... Read more

    Affected Products : mirrorop_windows_sender
    • EPSS Score: %0.16
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35479

    Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.... Read more

    Affected Products : log_server
    • EPSS Score: %41.44
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35478

    Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.... Read more

    Affected Products : log_server
    • EPSS Score: %49.20
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-35477

    In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store o... Read more

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.00
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35475

    SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.... Read more

    Affected Products : environment_manager
    • EPSS Score: %0.53
    • Published: Jun. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35474

    Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.... Read more

    Affected Products : debian_linux traffic_server
    • EPSS Score: %6.34
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35472

    An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two differen... Read more

    Affected Products : debian_linux lemonldap\
    • EPSS Score: %0.48
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35469

    The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.... Read more

    • EPSS Score: %0.03
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2021-35465

    Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P... Read more

    • EPSS Score: %0.05
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35463

    Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.... Read more

    Affected Products : liferay_portal
    • EPSS Score: %0.25
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35458

    Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter.... Read more

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.61
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35456

    Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload... Read more

    Affected Products : online_pet_shop_web_application
    • EPSS Score: %0.82
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-35452

    An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.12
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35451

    In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.... Read more

    Affected Products : pcoip_management_console
    • EPSS Score: %0.53
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-35450

    A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute... Read more

    Affected Products : admin_console
    • EPSS Score: %0.77
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35449

    The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the drive... Read more

    • EPSS Score: %13.29
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35448

    Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.... Read more

    Affected Products : windows emote_interactive_studio
    • EPSS Score: %0.37
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35440

    Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environme... Read more

    Affected Products : smashing
    • EPSS Score: %0.72
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291395 Results