Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2021-34129

    LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, ol...

    Affected Products : laiketui
    • EPSS Score: 0.87%
    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-34128

    LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.

    Affected Products : laiketui
    • EPSS Score: 0.74%
    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-34123

    An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file.

    Affected Products : atasm
    • EPSS Score: 0.09%
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-34122

    The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.

    Affected Products : ffjpeg ffjpeg
    • EPSS Score: 0.27%
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-34121

    An out-of-bounds flaw was discovered in htmldoc 1.9.12 in function parse_tree() in toc.cxx; this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerabilities in order to reach code execution.

    Affected Products : htmldoc
    • EPSS Score: 0.03%
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-34119

    A flaw was discovered in htmldoc 1.9.12 in function parse_paragraph in ps-pdf.cxx; this flaw possibly allows code execution and a denial of service via a crafted file.

    Affected Products : htmldoc
    • EPSS Score: 0.02%
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-34111

    Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.

    Affected Products : n4800eco_firmware n4800eco
    • EPSS Score: 12.54%
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-34110

    WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.

    Affected Products : winwaste.net
    • EPSS Score: 1.97%
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-34087

    In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.

    • EPSS Score: 0.38%
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-34086

    In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.

    • EPSS Score: 0.21%
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-34085

    Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability tha...

    Affected Products : mp3gain mp3gain
    • EPSS Score: 0.59%
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-34084

    OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.

    Affected Products : s3-uploader
    • EPSS Score: 15.12%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-34083

    Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved fr...

    Affected Products : google-it
    • EPSS Score: 0.58%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-34082

    OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.

    Affected Products : proctree
    • EPSS Score: 13.69%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-34081

    OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.

    Affected Products : gitsome
    • EPSS Score: 6.24%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-34080

    OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.

    Affected Products : ssl-utils
    • EPSS Score: 15.12%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-34079

    OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.

    Affected Products : docker-tester
    • EPSS Score: 10.56%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-34078

    lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.

    Affected Products : lifion-verifiy-dependencies
    • EPSS Score: 1.54%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2021-34075

    In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.

    Affected Products : pandora_fms
    • EPSS Score: 0.36%
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-34074

    PandoraFMS <=7.54 allows arbitrary file upload, leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.

    Affected Products : pandora_fms
    • EPSS Score: 4.04%
    • Published: Jun. 25, 2021
    • Modified: Nov. 21, 2024