Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-29004

    rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the serv... Read more

    Affected Products : rconfig
    • EPSS Score: %1.33
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29003

    Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.... Read more

    • EPSS Score: %36.44
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29002

    A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.... Read more

    Affected Products : plone
    • EPSS Score: %0.31
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28994

    kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.... Read more

    Affected Products : groupware_core zarafa
    • EPSS Score: %0.41
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28993

    Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote).... Read more

    Affected Products : scrutinizer
    • EPSS Score: %0.30
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-28979

    SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked.... Read more

    Affected Products : safenet_keysecure
    • EPSS Score: %0.54
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-28977

    Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,... Read more

    Affected Products : getsimplecms
    • EPSS Score: %0.24
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-28976

    Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.... Read more

    Affected Products : getsimplecms
    • EPSS Score: %10.06
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-28975

    WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.... Read more

    Affected Products : wp_mailster
    • EPSS Score: %0.21
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-28973

    The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.... Read more

    Affected Products : helix_alm
    • EPSS Score: %0.24
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-28972

    In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack f... Read more

    • EPSS Score: %0.05
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28971

    In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05... Read more

    • EPSS Score: %0.03
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-28970

    eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3.... Read more

    • EPSS Score: %0.20
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-28969

    eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2... Read more

    • EPSS Score: %0.18
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28968

    An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.... Read more

    Affected Products : punbb
    • EPSS Score: %0.27
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28966

    In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.... Read more

    Affected Products : ruby windows
    • EPSS Score: %0.32
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28965

    The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.... Read more

    Affected Products : ruby fedora rexml
    • EPSS Score: %0.39
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2021-28964

    A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bff... Read more

    • EPSS Score: %0.09
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-28963

    Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.... Read more

    Affected Products : debian_linux service_provider
    • EPSS Score: %0.49
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-28962

    Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.... Read more

    • EPSS Score: %0.76
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291570 Results