Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-35223

    The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.... Read more

    Affected Products : serv-u
    • EPSS Score: %4.51
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-35222

    This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.66
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-35221

    Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.46
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-35220

    Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform
    • EPSS Score: %1.63
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 6.0

    MEDIUM
    CVE-2021-35219

    ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.10
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.9

    HIGH
    CVE-2021-35218

    Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server... Read more

    Affected Products : orion_platform
    • EPSS Score: %24.71
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.9

    HIGH
    CVE-2021-35217

    Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserial... Read more

    Affected Products : orion_platform patch_manager
    • EPSS Score: %60.06
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-35216

    Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote... Read more

    Affected Products : orion_platform patch_manager
    • EPSS Score: %51.66
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.9

    HIGH
    CVE-2021-35215

    Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.... Read more

    Affected Products : orion_platform
    • EPSS Score: %88.20
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-35214

    The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change c... Read more

    Affected Products : pingdom
    • EPSS Score: %0.10
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-35213

    An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to ... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.34
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-35212

    An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any au... Read more

    Affected Products : orion_platform
    • EPSS Score: %1.77
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35210

    Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.... Read more

    Affected Products : contao
    • EPSS Score: %0.32
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35209

    An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The valu... Read more

    Affected Products : collaboration
    • EPSS Score: %2.66
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35208

    An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped... Read more

    Affected Products : collaboration
    • EPSS Score: %1.39
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35207

    An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding execut... Read more

    Affected Products : collaboration
    • EPSS Score: %0.97
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35206

    Gitpod before 0.6.0 allows unvalidated redirects.... Read more

    Affected Products : gitpod
    • EPSS Score: %0.50
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35205

    NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.... Read more

    Affected Products : ngeniusone
    • EPSS Score: %0.15
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35204

    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.... Read more

    Affected Products : ngeniusone
    • EPSS Score: %0.50
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-35203

    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.... Read more

    Affected Products : ngeniusone
    • EPSS Score: %0.34
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results