Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-32104

    A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.... Read more

    Affected Products : openemr
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-32103

    A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.... Read more

    Affected Products : openemr
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32102

    A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.... Read more

    Affected Products : openemr
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-32101

    The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal'... Read more

    Affected Products : openemr
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-32100

    A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.... Read more

    Affected Products : pandora_fms
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32099

    A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.... Read more

    Affected Products : pandora_fms
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32098

    Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.... Read more

    Affected Products : pandora_fms
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32096

    The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.... Read more

    Affected Products : emissary
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-32095

    U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.... Read more

    Affected Products : emissary
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32094

    U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.... Read more

    Affected Products : emissary
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-32093

    The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.... Read more

    Affected Products : emissary
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-32092

    A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.... Read more

    Affected Products : emissary
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-32091

    A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.... Read more

    Affected Products : localstack
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-32090

    The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.... Read more

    Affected Products : localstack
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32089

    An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information dis... Read more

    Affected Products : fx9500_firmware fx9500
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-32078

    An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-32077

    Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are p... Read more

    Affected Products : msow_solutions
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-32076

    Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range o... Read more

    Affected Products : web_help_desk
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32075

    Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.... Read more

    Affected Products : terraria
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-32074

    HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.... Read more

    Affected Products : vault-action
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293246 Results