Latest CVE Feed
- 7.5 HIGH CVE-2021-32937
  An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working director...
  - Published: Apr. 01, 2022
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32936
  An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer ...
  - Published: Jun. 17, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-32935
  The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation.
  - Affected Products: in-sight_opc_server
  - Published: May. 23, 2022
  - Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2021-32934
  The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC connection, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT mo...
  - Affected Products: kalay_p2p_software_development_kit
  - Published: May. 19, 2022
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-32933
  An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious proce...
  - Published: Apr. 01, 2022
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-32932
  The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).
  - Affected Products: iview
  - Published: Jun. 11, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32931
  An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
  - Affected Products: fvdesigner
  - Published: Aug. 11, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-32930
  The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).
  - Affected Products: iview
  - Published: Jun. 11, 2021
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-32929
  All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.
  - Affected Products: gps_tracker
  - Published: Apr. 22, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-32928
  The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close P...
  - Affected Products: sentinel_ldk_run-time_environment
  - Published: Jun. 16, 2021
  - Modified: Nov. 21, 2024
- 7.1 HIGH CVE-2021-32927
  An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.
  - Affected Products: gps_tracker
  - Published: Apr. 22, 2022
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-32926
  When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to a...
  - Published: Jun. 03, 2021
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-32925
  admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
  - Published: May. 13, 2021
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-32924
  Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
  - Affected Products: ips_community_suite
  - Published: Jun. 01, 2021
  - Modified: Nov. 21, 2024
- 7.4 HIGH CVE-2021-32923
  HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use...
  - Affected Products: vault
  - Published: Jun. 03, 2021
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2021-32921
  An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings ...
  - Published: May. 13, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32920
  Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.
  - Published: May. 13, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-32919
  An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowin...
  - Published: May. 13, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-32918
  An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
  - Published: May. 13, 2021
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-32917
  An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
  - Published: May. 13, 2021
  - Modified: Nov. 21, 2024