Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-31859

    Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.... Read more

    Affected Products : safeq
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31858

    DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.... Read more

    Affected Products : dotnetnuke
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-31857

    In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.... Read more

    Affected Products : manageengine_password_manager_pro
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31856

    A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).... Read more

    Affected Products : meshery
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31855

    KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message ... Read more

    Affected Products : messagelib
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-31854

    A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAf... Read more

    Affected Products : agent
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31853

    DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.... Read more

    Affected Products : drive_encryption
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31852

    A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Pol... Read more

    Affected Products : policy_auditor
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31851

    A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified i... Read more

    Affected Products : policy_auditor
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31850

    A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly all... Read more

    Affected Products : database_security windows
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-31849

    SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO ... Read more

    Affected Products : data_loss_prevention_endpoint
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-31848

    Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully cr... Read more

    Affected Products : data_loss_prevention_endpoint
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-31847

    Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to ex... Read more

    Affected Products : agent
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-31845

    A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine ... Read more

    Affected Products : data_loss_prevention_discover
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-31844

    A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the loca... Read more

    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31843

    Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfe... Read more

    Affected Products : endpoint_security
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31842

    XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully edit... Read more

    Affected Products : endpoint_security
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-31841

    A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated pe... Read more

    Affected Products : agent mcafee_agent
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-31840

    A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, th... Read more

    Affected Products : agent mcafee_agent
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-31839

    Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior t... Read more

    Affected Products : agent
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293280 Results