Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.0

    HIGH
    CVE-2021-31795

    The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR....

    Affected Products : pvrsrvkm.ko
    • EPSS Score: %0.05
    • Published: Apr. 24, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-31794

    Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header....

    Affected Products : directum
    • EPSS Score: %0.28
    • Published: Apr. 24, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-31793

    An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take...

    Affected Products : wdb-20_firmware wdb-20
    • EPSS Score: %1.70
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-31792

    XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...

    Affected Products : suitecrm
    • EPSS Score: %0.38
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-31791

    In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command....

    Affected Products : hardware_sentry_km_for_bmc_patrol
    • EPSS Score: %0.15
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-31787

    The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the targ...

    • EPSS Score: %0.13
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-31786

    The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadloc...

    • EPSS Score: %0.10
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-31785

    The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via ...

    • EPSS Score: %0.10
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-31784

    An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denia...

    • EPSS Score: %0.32
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-31783

    show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check....

    Affected Products : localfiles_editor
    • EPSS Score: %0.18
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-31780

    In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead th...

    Affected Products : misp misp
    • EPSS Score: %0.35
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2021-31779

    The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account....

    Affected Products : yoast_seo
    • EPSS Score: %0.15
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-31778

    The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account....

    Affected Products : media2click
    • EPSS Score: %0.21
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-31776

    Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to...

    Affected Products : windows vpn_client
    • EPSS Score: %0.05
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-31769

    MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators ...

    Affected Products : myq_server
    • EPSS Score: %5.07
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-31762

    Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature....

    Affected Products : webmin
    • EPSS Score: %22.72
    • Published: Apr. 25, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-31761

    Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature....

    Affected Products : webmin
    • EPSS Score: %81.92
    • Published: Apr. 25, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-31760

    Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature....

    Affected Products : webmin
    • EPSS Score: %39.87
    • Published: Apr. 25, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-31758

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request....

    Affected Products : ac11_firmware ac11
    • EPSS Score: %40.11
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-31757

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request....

    Affected Products : ac11_firmware ac11
    • EPSS Score: %1.96
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292428 Results