Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2021-33005

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories....

Affected Products : mypro
Published: May. 13, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-33004

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95...

Affected Products : webaccess\/hmi_designer
Published: Jun. 24, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-33003

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm....

Affected Products : diaenergie
Published: Aug. 30, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-33002

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior)....

Affected Products : webaccess\/hmi_designer
Published: Jun. 24, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-33001

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code....

Affected Products : xarrow
Published: May. 16, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-33000

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior)....

Affected Products : webaccess\/hmi_designer
Published: Jun. 24, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-32999

Improper handling of exceptional conditions in SuiteLink server while processing command 0x01...

Affected Products : suitelink
Published: Sep. 23, 2021

Modified: Nov. 21, 2024
8.2

HIGH

CVE-2021-32997

The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and ...

Affected Products : bentley_nevada_3500_system_1_6.x_\(3060\/00\)_firmware bentley_nevada_3500_system_1_\(3072\/xx\)_firmware bentley_nevada_3500_system_1_\(3071\/xx\)_firmware bentley_nevada_3500\/22m_\(288055-01\)_firmware bentley_nevada_3500_rack_configuration_\(129133-01\)_firmware bentley_nevada_3500_system_1_6.x_\(3060\/00\) bentley_nevada_3500_system_1_\(3072\/xx\) bentley_nevada_3500_system_1_\(3071\/xx\) bentley_nevada_3500\/22m_\(288055-01\) bentley_nevada_3500_rack_configuration_\(129133-01\)
Published: May. 25, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-32995

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current proces...

Affected Products : cscape
Published: Aug. 25, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-32994

Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets...

Affected Products : opc_ua_c\+\+_software_development_kit
Published: Apr. 04, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-32993

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data....

Affected Products : intellibridge_ec40_firmware intellibridge_ec80_firmware intellibridge_ec40 intellibridge_ec80
Published: Dec. 27, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-32992

FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code....

Affected Products : winproladder
Published: Jun. 29, 2021

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2021-32991

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally....

Affected Products : diaenergie
Published: Aug. 30, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-32990

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code....

Affected Products : winproladder
Published: Jun. 29, 2021

Modified: Nov. 21, 2024
9.3

CRITICAL

CVE-2021-32989

When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting....

Affected Products : laquis_scada
Published: May. 25, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-32988

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code....

Affected Products : winproladder
Published: Jun. 29, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-32987

Null pointer dereference in SuiteLink server while processing command 0x0b...

Affected Products : suitelink
Published: Sep. 23, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming...

Affected Products : c0-10dd1e-d_firmware c0-10dd2e-d_firmware c0-10dre-d_firmware c0-10are-d_firmware c0-11dd1e-d_firmware c0-11dd2e-d_firmware c0-11dre-d_firmware c0-11are-d_firmware c0-12dd1e-d_firmware c0-12dd2e-d_firmware +30 more products
Published: Apr. 04, 2022

Modified: Nov. 21, 2024
7.2

HIGH

CVE-2021-32985

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid....

Affected Products : system_platform
Published: Apr. 04, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker c...

Affected Products : c0-10dd1e-d_firmware c0-10dd2e-d_firmware c0-10dre-d_firmware c0-10are-d_firmware c0-11dd1e-d_firmware c0-11dd2e-d_firmware c0-11dre-d_firmware c0-11are-d_firmware c0-12dd1e-d_firmware c0-12dd2e-d_firmware +30 more products
Published: Apr. 04, 2022

Modified: Nov. 21, 2024

Showing 20 of 292795 Results

Browse by Apps

Latest CVE Feed

7.5

7.8

5.5

7.8

6.1

7.8

7.5

8.2

7.8

7.5

8.8

9.8

4.3

9.8

9.3

9.8

7.5

9.8

7.2

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable