Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2021-34821

    Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests ...

    Affected Products : novus_management_system
    • EPSS Score: 0.39%
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-34820

    Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to ...

    Affected Products : novus_management_system
    • EPSS Score: 3.02%
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-34817

    A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.

    Affected Products : etherpad
    • EPSS Score: 0.85%
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-34816

    An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.

    Affected Products : etherpad
    • EPSS Score: 0.44%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-34815

    CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter.

    Affected Products : canopy
    • EPSS Score: 0.30%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-34814

    Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.

    Affected Products : spam_engine
    • EPSS Score: 0.41%
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-34813

    Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution mig...

    Affected Products : olm
    • EPSS Score: 4.46%
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-34812

    Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

    Affected Products : calendar
    • EPSS Score: 0.22%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.0

    MEDIUM
    CVE-2021-34811

    Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.

    Affected Products : download_station
    • EPSS Score: 0.12%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-34810

    Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.

    Affected Products : download_station
    • EPSS Score: 1.11%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-34809

    Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vect...

    Affected Products : download_station
    • EPSS Score: 1.64%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-34808

    Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.

    Affected Products : media_server
    • EPSS Score: 0.18%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-34807

    An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, ...

    Affected Products : collaboration
    • EPSS Score: 0.86%
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-34805

    An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.

    Affected Products : faust_iserver
    • EPSS Score: 90.22%
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-34803

    TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.

    Affected Products : teamviewer windows vbase_web-remote
    • EPSS Score: 0.03%
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-34802

    A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.

    Affected Products : graph_databse
    • EPSS Score: 0.55%
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-34801

    Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.

    Affected Products : valine
    • EPSS Score: 1.05%
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-34800

    Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147...

    Affected Products : agent
    • EPSS Score: 0.32%
    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-34798

    Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

    • EPSS Score: 10.97%
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-34797

    Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-",...

    Affected Products : geode
    • EPSS Score: 0.36%
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291274 Results