Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-31946

    Paint 3D Remote Code Execution Vulnerability... Read more

    Affected Products : paint_3d
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31945

    Paint 3D Remote Code Execution Vulnerability... Read more

    Affected Products : paint_3d
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31944

    3D Viewer Information Disclosure Vulnerability... Read more

    Affected Products : 3d_viewer
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31943

    3D Viewer Remote Code Execution Vulnerability... Read more

    Affected Products : 3d_viewer
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31942

    3D Viewer Remote Code Execution Vulnerability... Read more

    Affected Products : 3d_viewer
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31941

    Microsoft Office Graphics Remote Code Execution Vulnerability... Read more

    Affected Products : office 365_apps outlook
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31940

    Microsoft Office Graphics Remote Code Execution Vulnerability... Read more

    Affected Products : office 365_apps
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31939

    Microsoft Excel Remote Code Execution Vulnerability... Read more

    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31938

    Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability... Read more

    Affected Products : kubernetes_tools
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-31936

    Microsoft Accessibility Insights for Web Information Disclosure Vulnerability... Read more

    Affected Products : accessibility_insights_for_web
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31935

    OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31934

    OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-31933

    A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated admi... Read more

    Affected Products : chamilo_lms chamilo
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31932

    Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for t... Read more

    Affected Products : bts_trs_web_console
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31930

    Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When... Read more

    Affected Products : concerto
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-31929

    Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals.... Read more

    Affected Products : loyalty_experience_platform
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-31928

    Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2.... Read more

    Affected Products : loyalty_experience_platform
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-31927

    An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in ... Read more

    Affected Products : loyalty_experience_platform
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31926

    AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission ... Read more

    Affected Products : amp
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31925

    Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.... Read more

    Affected Products : pexip_infinity
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292862 Results