Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-35267

    NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.07
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-35266

    In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.05
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35265

    A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.... Read more

    Affected Products : maxsite_cms
    • EPSS Score: %5.31
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35254

    SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.... Read more

    Affected Products : webhelpdesk
    • EPSS Score: %0.18
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35252

    Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.... Read more

    Affected Products : serv-u
    • EPSS Score: %0.15
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35251

    Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.... Read more

    Affected Products : web_help_desk
    • EPSS Score: %0.72
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35250

    A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.... Read more

    Affected Products : serv-u
    • EPSS Score: %91.92
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-35249

    This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This... Read more

    Affected Products : serv-u
    • EPSS Score: %0.06
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-35248

    It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %0.27
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35246

    The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for at... Read more

    Affected Products : engineer\'s_toolset
    • EPSS Score: %0.17
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-35245

    When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.... Read more

    Affected Products : windows serv-u
    • EPSS Score: %0.12
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2021-35244

    The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file ... Read more

    Affected Products : orion_platform windows
    • EPSS Score: %19.20
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35243

    The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL.... Read more

    Affected Products : web_help_desk
    • EPSS Score: %0.46
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-35242

    Serv-U server responds with valid CSRFToken when the request contains only Session.... Read more

    Affected Products : serv-u
    • EPSS Score: %0.14
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-35240

    A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.... Read more

    Affected Products : internet_explorer orion_platform
    • EPSS Score: %0.16
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35239

    A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.16
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-35238

    User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.21
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.0

    MEDIUM
    CVE-2021-35237

    A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item,... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.21
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35236

    The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the coo... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %0.50
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35235

    The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The i... Read more

    Affected Products : kiwi_syslog_server
    • EPSS Score: %2.39
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291641 Results