Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-33360

    An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).... Read more

    Affected Products : gnuplot
    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33359

    A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.... Read more

    Affected Products : gowitness
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-33358

    Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute... Read more

    Affected Products : raspap
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33357

    A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS comma... Read more

    Affected Products : raspap
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-33356

    Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.... Read more

    Affected Products : raspap
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-33348

    An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.... Read more

    Affected Products : jfinal
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33347

    An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur.... Read more

    Affected Products : jpress
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33346

    There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.... Read more

    Affected Products : dsl-2888a_firmware dsl-2888a
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33321

    Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be def... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33318

    An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the intern... Read more

    Affected Products : ipmatcher watsonwebserver
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33317

    The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending... Read more

    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33316

    The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a cr... Read more

    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33315

    The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a craft... Read more

    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33295

    Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.... Read more

    Affected Products : joplin
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-33294

    In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.... Read more

    Affected Products : elfutils
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-33293

    Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.... Read more

    Affected Products : debian_linux libpano13
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-33289

    In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-33287

    In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-33286

    In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.... Read more

    Affected Products : debian_linux ntfs-3g
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-33285

    In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-b... Read more

    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292835 Results