Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-35235

    The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The i... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %2.39
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35234

    Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.93
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35233

    The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that w... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.99
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-35232

    Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability ... Read more

    Affected Products : webhelpdesk web_help_desk
    • EPSS Score: %0.32
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-35231

    As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vuln... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.40
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-35230

    As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.... Read more

    Affected Products : kiwi_cattools
    • EPSS Score: %0.32
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-35229

    Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query... Read more

    • EPSS Score: %0.77
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-35228

    This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle a... Read more

    • EPSS Score: %0.92
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35227

    The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.... Read more

    Affected Products : access_rights_manager
    • EPSS Score: %0.71
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-35226

    An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. ... Read more

    Affected Products : network_configuration_manager
    • EPSS Score: %0.14
    • Published: Oct. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-35225

    Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and pote... Read more

    Affected Products : network_performance_monitor
    • EPSS Score: %1.70
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35223

    The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.... Read more

    Affected Products : serv-u
    • EPSS Score: %4.51
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-35222

    This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.66
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-35221

    Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.46
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-35220

    Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.... Read more

    Affected Products : orion_platform
    • EPSS Score: %1.63
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 6.0

    MEDIUM
    CVE-2021-35219

    ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.10
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.9

    HIGH
    CVE-2021-35218

    Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server... Read more

    Affected Products : orion_platform
    • EPSS Score: %24.71
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.9

    HIGH
    CVE-2021-35217

    Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserial... Read more

    Affected Products : orion_platform patch_manager
    • EPSS Score: %60.06
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-35216

    Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote... Read more

    Affected Products : orion_platform patch_manager
    • EPSS Score: %51.66
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.9

    HIGH
    CVE-2021-35215

    Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.... Read more

    Affected Products : orion_platform
    • EPSS Score: %88.20
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291395 Results