Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-31875

    In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the sign... Read more

    Affected Products : mongooseos_mjs
    • EPSS Score: %0.55
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-31874

    Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %1.22
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31873

    An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.... Read more

    Affected Products : debian_linux klibc
    • EPSS Score: %1.01
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31872

    An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.... Read more

    Affected Products : debian_linux klibc
    • EPSS Score: %1.17
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31871

    An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.... Read more

    Affected Products : debian_linux klibc
    • EPSS Score: %1.59
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31870

    An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.... Read more

    Affected Products : debian_linux klibc
    • EPSS Score: %1.28
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31869

    Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.... Read more

    Affected Products : adminbundle
    • EPSS Score: %0.01
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31868

    Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on Au... Read more

    Affected Products : nexpose
    • EPSS Score: %0.12
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31867

    Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product... Read more

    Affected Products : customer_management_framework
    • EPSS Score: %0.03
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-31866

    Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.... Read more

    Affected Products : debian_linux redmine
    • EPSS Score: %0.44
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-31865

    Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.... Read more

    Affected Products : debian_linux redmine
    • EPSS Score: %0.39
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-31864

    Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.... Read more

    Affected Products : debian_linux redmine
    • EPSS Score: %0.22
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31863

    Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.... Read more

    Affected Products : debian_linux redmine
    • EPSS Score: %0.44
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31862

    SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.... Read more

    Affected Products : sysaid
    • EPSS Score: %41.30
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31859

    Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.... Read more

    Affected Products : safeq
    • EPSS Score: %0.08
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31858

    DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.... Read more

    Affected Products : dotnetnuke
    • EPSS Score: %0.23
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-31857

    In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.... Read more

    Affected Products : manageengine_password_manager_pro
    • EPSS Score: %0.94
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31856

    A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).... Read more

    Affected Products : meshery
    • EPSS Score: %83.18
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31855

    KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message ... Read more

    Affected Products : messagelib
    • EPSS Score: %0.14
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-31854

    A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAf... Read more

    Affected Products : agent
    • EPSS Score: %0.32
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results