Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is known to be actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2021-31609 (CVSS 6.5, MEDIUM)
    The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet....
    Affected Products: iwrap wt32i-a
    EPSS Score: 0.13% | Published: Sep. 07, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31607 (CVSS 7.8, HIGH)
    In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and th...
    Affected Products: fedora salt
    EPSS Score: 9.30% | Published: Apr. 23, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31606 (CVSS 7.5, HIGH)
    furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients....
    Affected Products: openvpn-monitor
    EPSS Score: 1.08% | Published: Sep. 27, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31605 (CVSS 7.8, HIGH)
    furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM....
    Affected Products: openvpn-monitor
    EPSS Score: 3.38% | Published: Sep. 27, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31604 (CVSS 6.5, MEDIUM)
    furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client....
    Affected Products: openvpn-monitor
    EPSS Score: 0.11% | Published: Sep. 27, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31602 (CVSS 7.5, HIGH)
    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...
    EPSS Score: 93.11% | Published: Nov. 08, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31601 (CVSS 7.1, HIGH)
    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated u...
    EPSS Score: 0.95% | Published: Nov. 08, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31600 (CVSS 4.3, MEDIUM)
    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated u...
    EPSS Score: 0.22% | Published: Nov. 08, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31599 (CVSS 8.8, HIGH)
    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run ...
    EPSS Score: 0.89% | Published: Nov. 08, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31598 (CVSS 7.5, HIGH)
    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow....
    Affected Products: debian_linux ezxml
    EPSS Score: 0.83% | Published: Apr. 24, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31597 (CVSS 9.4, CRITICAL)
    The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other...
    Affected Products: xmlhttprequest-ssl xmlhttprequest
    EPSS Score: 0.37% | Published: Apr. 23, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31590 (CVSS 9.0, HIGH)
    PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgr...
    Affected Products: pwndoc
    EPSS Score: 1.49% | Published: Jul. 19, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31589 (CVSS 6.1, MEDIUM)
    A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitizatio...
    Affected Products: appliance_base_software
    EPSS Score: 27.17% | Published: Jan. 05, 2022 | Modified: Nov. 21, 2024

  • CVE-2021-31586 (CVSS 8.8, HIGH)
    Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search....
    Affected Products: kiteworks
    EPSS Score: 0.37% | Published: Jun. 23, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31585 (CVSS 6.7, MEDIUM)
    Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access....
    Affected Products: kiteworks
    EPSS Score: 0.18% | Published: Jun. 23, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31584 (CVSS 8.8, HIGH)
    Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges....
    EPSS Score: 0.37% | Published: Apr. 23, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31583 (CVSS 5.4, MEDIUM)
    Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being...
    EPSS Score: 0.30% | Published: Apr. 23, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31581 (CVSS 7.9, HIGH)
    The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadi...
    Affected Products: ova_appliance provisioning_manager
    EPSS Score: 15.58% | Published: Jul. 22, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31580 (CVSS 10.0, HIGH)
    The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA applianc...
    Affected Products: ova_appliance provisioning_manager
    EPSS Score: 0.90% | Published: Jul. 22, 2021 | Modified: Nov. 21, 2024

  • CVE-2021-31579 (CVSS 9.8, CRITICAL)
    Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Applia...
    Affected Products: ova_appliance provisioning_manager
    EPSS Score: 0.46% | Published: Jul. 22, 2021 | Modified: Nov. 21, 2024
Showing 20 of 292386 Results