Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-29251

    BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.... Read more

    Affected Products : btcpay_server
    • EPSS Score: %0.23
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29250

    BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.... Read more

    Affected Products : btcpay_server
    • EPSS Score: %0.27
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29249

    BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.... Read more

    Affected Products : btcpay_server
    • EPSS Score: %0.32
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-29248

    BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.... Read more

    Affected Products : btcpay_server
    • EPSS Score: %0.13
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-29247

    BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.... Read more

    Affected Products : btcpay_server
    • EPSS Score: %0.28
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-29246

    BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted ... Read more

    Affected Products : btcpay_server
    • EPSS Score: %0.41
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-29245

    BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.... Read more

    Affected Products : btcpay_server
    • EPSS Score: %0.36
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-29243

    Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.... Read more

    Affected Products : cloudera_manager
    • EPSS Score: %0.46
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29242

    CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.... Read more

    • EPSS Score: %0.44
    • Published: May. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29241

    CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).... Read more

    • EPSS Score: %0.56
    • Published: May. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-29240

    The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.... Read more

    Affected Products : development_system
    • EPSS Score: %0.26
    • Published: May. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-29239

    CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.... Read more

    Affected Products : development_system
    • EPSS Score: %0.07
    • Published: May. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29238

    CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).... Read more

    Affected Products : automation_server
    • EPSS Score: %0.17
    • Published: May. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2021-29221

    A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a se... Read more

    Affected Products : windows erlang\/otp
    • EPSS Score: %0.11
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-29220

    Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confiden... Read more

    Affected Products : ilo_amplifier_pack
    • EPSS Score: %0.27
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-29219

    A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch... Read more

    • EPSS Score: %0.06
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-29218

    A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malwa... Read more

    • EPSS Score: %0.06
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-29217

    A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.... Read more

    Affected Products : oneview_global_dashboard
    • EPSS Score: %0.22
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-29216

    A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.... Read more

    Affected Products : oneview_global_dashboard
    • EPSS Score: %0.53
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29215

    A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-... Read more

    Affected Products : tez ezmeral_data_fabric
    • EPSS Score: %0.50
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291659 Results