Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2021-29337

    MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory....

    Affected Products : dragon_center
    • EPSS Score: %0.09
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-29329

    OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c....

    Affected Products : moddable moddable_sdk
    • EPSS Score: %0.18
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-29328

    OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c....

    Affected Products : moddable moddable_sdk
    • EPSS Score: %0.17
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-29327

    OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c....

    Affected Products : moddable moddable_sdk
    • EPSS Score: %0.18
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-29326

    OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c....

    Affected Products : moddable moddable_sdk
    • EPSS Score: %0.18
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-29325

    OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c....

    Affected Products : moddable moddable_sdk
    • EPSS Score: %0.18
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-29324

    OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c....

    Affected Products : moddable moddable_sdk
    • EPSS Score: %0.18
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-29323

    OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c....

    Affected Products : moddable moddable_sdk
    • EPSS Score: %0.15
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-29313

    Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,...

    Affected Products : seacms
    • EPSS Score: %0.20
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-29302

    TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may ...

    Affected Products : tl-wr802n_firmware tl-wr802n
    • EPSS Score: %10.97
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-29300

    The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input....

    Affected Products : opened
    • EPSS Score: %38.18
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-29298

    Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module ...

    Affected Products : proficy_machine_edition
    • EPSS Score: %0.28
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-29297

    Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100...

    Affected Products : proficy_machine_edition
    • EPSS Score: %0.33
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29296

    Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr ...

    Affected Products : dir-825_firmware dir-825
    • EPSS Score: %0.26
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29295

    Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of service via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the de...

    Affected Products : dsp-w215_firmware dsp-w215
    • EPSS Score: %0.44
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29294

    Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remote malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: T...

    Affected Products : dsl-2740r_firmware dsl-2740r
    • EPSS Score: %0.26
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-29281

    File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317....

    Affected Products : archiver
    • EPSS Score: %0.52
    • Published: Jul. 07, 2022
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2021-29280

    In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow...

    Affected Products : tl-wr840n_firmware tl-wr840n
    • EPSS Score: %0.10
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-29279

    There is an integer overflow in the function gf_props_assign_value (filter_core/filter_props.c) in GPAC 1.0.1. For the argument const GF_PropertyValue *value, value->value.data.size may be a negative number. As a result, the memcpy in gf_props_assign_value fails....

    Affected Products : gpac
    • EPSS Score: %0.22
    • Published: Apr. 19, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-29274

    Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip....

    Affected Products : redmine
    • EPSS Score: %0.32
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results