Latest CVE Feed
- 6.5 MEDIUM CVE-2021-32593
  A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages....
  - Affected Products: fortiwan
  - Published: Apr. 06, 2022
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32592
  An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine ...
  - Published: Dec. 01, 2021
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-32591
  A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of th...
  - Published: Dec. 08, 2021
  - Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2021-32590
  Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute...
  - Affected Products: fortiportal
  - Published: Aug. 04, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-32588
  A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploadi...
  - Affected Products: fortiportal
  - Published: Aug. 18, 2021
  - Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2021-32587
  An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the...
  - Published: Aug. 06, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-32586
  An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests....
  - Affected Products: fortimail
  - Published: Mar. 01, 2022
  - Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2021-32585
  An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests....
  - Affected Products: fortiwan
  - Published: Apr. 06, 2022
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-32582
  An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via ...
  - Affected Products: connectwise_automate
  - Published: Jun. 17, 2021
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2021-32581
  Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation....
  - Published: Aug. 05, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32580
  Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking....
  - Affected Products: true_image
  - Published: Aug. 05, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32579
  Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API....
  - Affected Products: true_image
  - Published: Aug. 05, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32578
  Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)....
  - Affected Products: true_image
  - Published: Aug. 05, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32577
  Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions....
  - Affected Products: true_image
  - Published: Aug. 05, 2021
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-32576
  Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2)....
  - Affected Products: true_image
  - Published: Aug. 05, 2021
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-32575
  HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1....
  - Affected Products: nomad
  - Published: Jun. 17, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-32574
  HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1....
  - Affected Products: consul
  - Published: Jul. 17, 2021
  - Modified: Nov. 21, 2024
- 4.8 MEDIUM CVE-2021-32573
  The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website....
  - Affected Products: express-cart
  - Published: May. 11, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-32572
  Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file....
  - Affected Products: web_viewer
  - Published: May. 12, 2021
  - Modified: Nov. 21, 2024
- 4.9 MEDIUM CVE-2021-32571
  In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affe...
  - Published: Oct. 14, 2021
  - Modified: Nov. 21, 2024