Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2021-34610

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %3.30
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-34609

    A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.61
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-34606

    A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential at... Read more

    Affected Products : xd\/e_series_plc_program_tool
    • EPSS Score: %0.06
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-34605

    A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infec... Read more

    Affected Products : xd\/e_series_plc_program_tool
    • EPSS Score: %0.31
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-34602

    In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.... Read more

    • EPSS Score: %4.75
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34601

    In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to ... Read more

    • EPSS Score: %0.41
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-34600

    Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.... Read more

    Affected Products : compasx
    • EPSS Score: %0.12
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-34599

    Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS cert... Read more

    Affected Products : development_system git
    • EPSS Score: %0.09
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34598

    In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active... Read more

    • EPSS Score: %0.27
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-34597

    Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.... Read more

    Affected Products : pc_worx pc_worx_express
    • EPSS Score: %0.16
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2021-34594

    TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system.... Read more

    • EPSS Score: %0.57
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-34592

    In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.... Read more

    • EPSS Score: %2.11
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-34591

    In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.... Read more

    • EPSS Score: %0.13
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-34590

    In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.... Read more

    • EPSS Score: %0.68
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34589

    In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.... Read more

    • EPSS Score: %0.30
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-34588

    In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .... Read more

    • EPSS Score: %0.26
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-34587

    In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.... Read more

    • EPSS Score: %0.29
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-34582

    In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-34581

    Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.... Read more

    • EPSS Score: %1.58
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34580

    In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.... Read more

    Affected Products : mbconnect24 mymbconnect24
    • EPSS Score: %0.27
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291274 Results