Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-31758

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.... Read more

    Affected Products : ac11_firmware ac11
    • EPSS Score: %40.11
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-31757

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.... Read more

    Affected Products : ac11_firmware ac11
    • EPSS Score: %1.96
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-31756

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input ve... Read more

    Affected Products : ac11_firmware ac11
    • EPSS Score: %1.51
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-31747

    Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.... Read more

    Affected Products : pluck
    • EPSS Score: %0.10
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31746

    Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.... Read more

    Affected Products : pluck
    • EPSS Score: %1.38
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31745

    Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an admini... Read more

    Affected Products : pluck
    • EPSS Score: %0.35
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31738

    Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.... Read more

    Affected Products : loganalyzer
    • EPSS Score: %0.34
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31737

    emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.... Read more

    Affected Products : emlog
    • EPSS Score: %22.78
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31731

    A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.... Read more

    Affected Products : kitecms
    • EPSS Score: %0.59
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31728

    Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a... Read more

    Affected Products : anti-malware antimalware
    • EPSS Score: %30.31
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31727

    Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, r... Read more

    Affected Products : anti-malware antimalware
    • EPSS Score: %0.16
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31726

    Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0).... Read more

    Affected Products : c315_firmware c315
    • EPSS Score: %4.42
    • Published: Apr. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31721

    Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.... Read more

    Affected Products : chevereto
    • EPSS Score: %0.40
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-31718

    The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.... Read more

    Affected Products : npupnp
    • EPSS Score: %0.48
    • Published: Apr. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31712

    react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.... Read more

    Affected Products : react_draft_wysiwyg
    • EPSS Score: %0.26
    • Published: Apr. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31703

    Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user.... Read more

    Affected Products : ichris
    • EPSS Score: %0.43
    • Published: May. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31702

    Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.... Read more

    Affected Products : ichris
    • EPSS Score: %0.33
    • Published: May. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31701

    Mintty before 3.4.7 mishandles Bracketed Paste Mode.... Read more

    Affected Products : mintty
    • EPSS Score: %0.21
    • Published: Jun. 06, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-31698

    Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon.... Read more

    Affected Products : eg25-g_firmware eg25-g
    • EPSS Score: %0.42
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31693

    The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware inf... Read more

    Affected Products : tools
    • EPSS Score: %0.06
    • Published: Nov. 29, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292749 Results