Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2021-28420

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.... Read more

    Affected Products : seo_panel
    • EPSS Score: %0.21
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-28419

    The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.... Read more

    Affected Products : seo_panel
    • EPSS Score: %9.23
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-28418

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.... Read more

    Affected Products : seo_panel
    • EPSS Score: %0.21
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-28417

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.... Read more

    Affected Products : seo_panel
    • EPSS Score: %0.21
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28411

    An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.... Read more

    Affected Products : ruoyi
    • EPSS Score: %0.31
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-28399

    OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.... Read more

    Affected Products : orangehrm
    • EPSS Score: %0.71
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-28398

    A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perf... Read more

    Affected Products : geonetwork
    • EPSS Score: %0.34
    • Published: Sep. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28382

    Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.... Read more

    Affected Products : manageengine_key_manager_plus
    • EPSS Score: %19.52
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28381

    The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.... Read more

    Affected Products : vhs
    • EPSS Score: %0.37
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28380

    The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account.... Read more

    Affected Products : aimeos
    • EPSS Score: %0.27
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28379

    web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.... Read more

    Affected Products : vesta_control_panel myvesta
    • EPSS Score: %3.29
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28378

    Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.... Read more

    Affected Products : gitea
    • EPSS Score: %12.92
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-28377

    ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.... Read more

    Affected Products : chronoforums
    • EPSS Score: %46.12
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-28376

    ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.... Read more

    Affected Products : chronoforums
    • EPSS Score: %0.14
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28375

    An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.... Read more

    • EPSS Score: %0.11
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28374

    The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configura... Read more

    Affected Products : debian_linux courier-authlib
    • EPSS Score: %0.24
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28373

    The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly d... Read more

    Affected Products : tiny_tiny_rss
    • EPSS Score: %0.15
    • Published: Mar. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2021-28372

    ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them int... Read more

    • EPSS Score: %0.92
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-28363

    The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of t... Read more

    • EPSS Score: %0.11
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28362

    An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extensi... Read more

    Affected Products : contiki contiki-os
    • EPSS Score: %0.35
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291779 Results