Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2021-33846

    Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arb...

    • EPSS Score: 0.04%
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-33845

    The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors....

    Affected Products: splunk
    • EPSS Score: 0.29%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-33843

    Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings....

    • EPSS Score: 0.15%
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-33842

    Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the networ...

    Affected Products: sge-plc1000_firmware sge-plc1000
    • EPSS Score: 0.24%
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-33841

    SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges....

    Affected Products: sge-plc1000_firmware sge-plc1000
    • EPSS Score: 1.48%
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33840

    The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature....

    Affected Products: luca
    • EPSS Score: 0.48%
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33839

    Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting....

    Affected Products: luca
    • EPSS Score: 2.09%
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33838

    Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration....

    Affected Products: luca
    • EPSS Score: 2.13%
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-33834

    An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash....

    Affected Products: h2offt iscflashx64.sys
    • EPSS Score: 0.07%
    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-33833

    ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA)....

    Affected Products: debian_linux connection_manager
    • EPSS Score: 0.16%
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-33831

    api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds....

    Affected Products: covid-19_contact_tracing
    • EPSS Score: 8.03%
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-33829

    A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled....

    Affected Products: fedora debian_linux drupal ckeditor
    • EPSS Score: 0.70%
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-33828

    The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection....

    Affected Products: files_antivirus
    • EPSS Score: 0.54%
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-33827

    The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings....

    Affected Products: files_antivirus
    • EPSS Score: 2.88%
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33824

    An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then ...

    Affected Products: mgate_mb3180_firmware mgate_mb3180
    • EPSS Score: 0.64%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33823

    An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service....

    Affected Products: mgate_mb3180_firmware mgate_mb3180
    • EPSS Score: 0.54%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33822

    An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then t...

    • EPSS Score: 0.56%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33820

    An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service....

    • EPSS Score: 0.56%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33818

    An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted...

    • EPSS Score: 0.56%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-33816

    The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked....

    Affected Products: dolibarr_erp/crm
    • EPSS Score: 2.57%
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291360 Results