Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-34165

    A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin.... Read more

    Affected Products : basic_shopping_cart
    • EPSS Score: %0.66
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34150

    The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new ... Read more

    Affected Products : ab5301a_firmware ab5301a
    • EPSS Score: %0.13
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34149

    The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it ... Read more

    • EPSS Score: %0.15
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34148

    The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in rad... Read more

    • EPSS Score: %0.10
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34147

    The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to ... Read more

    • EPSS Score: %0.10
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34146

    The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flood... Read more

    • EPSS Score: %0.10
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-34145

    The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP se... Read more

    • EPSS Score: %0.12
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34144

    The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent n... Read more

    Affected Products : fw-ac63_bt_sdk ac6936 ac6951 ac6952 ac6954 ac6955 ac6956 ac6963 ac6965 ac6966 +5 more products
    • EPSS Score: %0.14
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34143

    The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by floodin... Read more

    Affected Products : fw-ac63_bt_sdk ac6936 ac6951 ac6952 ac6954 ac6955 ac6956 ac6963 ac6965 ac6966 +5 more products
    • EPSS Score: %0.24
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-34141

    An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harm... Read more

    • EPSS Score: %0.06
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-34129

    LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, ol... Read more

    Affected Products : laiketui
    • EPSS Score: %0.87
    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-34128

    LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.... Read more

    Affected Products : laiketui
    • EPSS Score: %0.74
    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34123

    An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file.... Read more

    Affected Products : atasm
    • EPSS Score: %0.09
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-34122

    The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.... Read more

    Affected Products : ffjpeg ffjpeg
    • EPSS Score: %0.27
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-34121

    An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.... Read more

    Affected Products : htmldoc
    • EPSS Score: %0.03
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-34119

    A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.... Read more

    Affected Products : htmldoc
    • EPSS Score: %0.02
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-34111

    Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.... Read more

    Affected Products : n4800eco_firmware n4800eco
    • EPSS Score: %12.54
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-34110

    WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.... Read more

    Affected Products : winwaste.net
    • EPSS Score: %1.97
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-34087

    In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.... Read more

    • EPSS Score: %0.38
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-34086

    In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.... Read more

    • EPSS Score: %0.21
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291305 Results