Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-35251

    Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.... Read more

    Affected Products : web_help_desk
    • EPSS Score: %0.72
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35250

    A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.... Read more

    Affected Products : serv-u
    • EPSS Score: %91.92
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-35249

    This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This... Read more

    Affected Products : serv-u
    • EPSS Score: %0.06
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-35248

    It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.27
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35246

    The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for at... Read more

    Affected Products : engineer\'s_toolset
    • EPSS Score: %0.17
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-35245

    When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.... Read more

    Affected Products : windows serv-u
    • EPSS Score: %0.12
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2021-35244

    The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file ... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %19.20
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35243

    The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL.... Read more

    Affected Products : web_help_desk
    • EPSS Score: %0.46
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35242

    Serv-U server responds with valid CSRFToken when the request contains only Session.... Read more

    Affected Products : serv-u
    • EPSS Score: %0.14
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-35240

    A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.... Read more

    Affected Products : internet_explorer orion_platform
    • EPSS Score: %0.16
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35239

    A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.16
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-35238

    User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.21
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.0

    MEDIUM
    CVE-2021-35237

    A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item,... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.21
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35236

    The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the coo... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.50
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35235

    The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The i... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %2.39
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35234

    Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.93
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35233

    The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that w... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.99
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-35232

    Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability ... Read more

    Affected Products : webhelpdesk web_help_desk
    • EPSS Score: %0.32
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-35231

    As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vuln... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.40
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-35230

    As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.... Read more

    Affected Products : kiwi_cattools
    • EPSS Score: %0.32
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291389 Results