Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-35474

    Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1....

    Affected Products : debian_linux traffic_server
    • EPSS Score: %6.34
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-35472

    An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two differen...

    Affected Products : debian_linux lemonldap\
    • EPSS Score: %0.48
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-35469

    The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path....

    • EPSS Score: %0.03
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
  • 3.6

    LOW
    CVE-2021-35465

    Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P...

    • EPSS Score: %0.05
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-35463

    Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter....

    Affected Products : liferay_portal
    • EPSS Score: %0.25
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-35458

    Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter....

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.61
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-35456

    Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload...

    Affected Products : online_pet_shop_web_application
    • EPSS Score: %0.82
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-35452

    An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc....

    Affected Products : debian_linux libde265
    • EPSS Score: %0.12
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-35451

    In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application....

    Affected Products : pcoip_management_console
    • EPSS Score: %0.53
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-35450

    A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute...

    Affected Products : admin_console
    • EPSS Score: %0.77
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-35449

    The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low privileged user can use the drive...

    • EPSS Score: %13.29
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-35448

    Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections....

    Affected Products : windows emote_interactive_studio
    • EPSS Score: %0.37
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-35440

    Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environme...

    Affected Products : smashing
    • EPSS Score: %0.72
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-35438

    phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator....

    Affected Products : phpipam
    • EPSS Score: %0.45
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-35437

    SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class....

    Affected Products : lmxcms
    • EPSS Score: %0.08
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-35415

    A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields....

    Affected Products : chamilo_lms
    • EPSS Score: %0.61
    • Published: Dec. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-35414

    Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php....

    Affected Products : chamilo_lms
    • EPSS Score: %2.20
    • Published: Dec. 03, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-35413

    A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file....

    Affected Products : chamilo_lms
    • EPSS Score: %3.24
    • Published: Dec. 03, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-35397

    A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacke...

    Affected Products : drogon
    • EPSS Score: %2.94
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-35391

    Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL....

    Affected Products : deskpro
    • EPSS Score: %0.06
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291526 Results