Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.5

MEDIUM

CVE-2021-28318

Windows GDI+ Information Disclosure Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %0.54

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28317

Microsoft Windows Codecs Library Information Disclosure Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %0.45

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
4.6

MEDIUM

CVE-2021-28316

Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +9 more products
EPSS Score: %0.31

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-28315

Windows Media Video Decoder Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %1.13

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-28314

Windows Hyper-V Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1809 windows_10_20h2 windows_10_1909 windows_server_20h2 windows_server_1909 windows_server_2004
EPSS Score: %0.51

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-28313

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_server_2016 windows_server_2019 visual_studio_2017 visual_studio_2019 visual_studio windows_10_1809 windows_10_20h2 windows_10_1803 windows_10_1909 +3 more products
EPSS Score: %0.67

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-28312

Windows NTFS Denial of Service Vulnerability...

Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1809 windows_10_20h2 windows_10_1909 windows_server_20h2 windows_server_1909 windows_server_2004
EPSS Score: %8.28

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-28311

Windows Application Compatibility Cache Denial of Service Vulnerability...

Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_1803 windows_10_1909 windows_server_20h2 windows_server_1909 +1 more products
EPSS Score: %1.26

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28309

Windows Kernel Information Disclosure Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %0.40

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
9.1

CRITICAL

CVE-2021-28308

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation....

Affected Products : fltk
EPSS Score: %0.43

Published: Mar. 12, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-28307

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon....

Affected Products : fltk
EPSS Score: %0.34

Published: Mar. 12, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-28306

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent....

Affected Products : fltk
EPSS Score: %0.34

Published: Mar. 12, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-28305

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed....

Affected Products : diesel
EPSS Score: %0.51

Published: Mar. 12, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-28302

A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash....

Affected Products : pupnp
EPSS Score: %0.37

Published: Mar. 12, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-28300

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file....

Affected Products : gpac
EPSS Score: %0.94

Published: Apr. 14, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-28295

Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure....

Affected Products : online_ordering_system
EPSS Score: %0.66

Published: Mar. 16, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-28294

Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE)....

Affected Products : online_ordering_system
EPSS Score: %2.61

Published: Mar. 16, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-28293

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functional...

Affected Products : aisiem
EPSS Score: %1.78

Published: Jun. 08, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-28290

A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter....

Affected Products : identityserver4.admin
EPSS Score: %0.21

Published: May. 11, 2022

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-28280

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...

Affected Products : phpfusion
EPSS Score: %0.30

Published: Apr. 29, 2021

Modified: Nov. 21, 2024

Showing 20 of 291737 Results

Latest CVE Feed

5.5

5.5

4.6

7.8

7.8

7.8

6.5

6.5

5.5

9.1

7.5

7.5

9.8

7.5

9.8

7.5

9.8

9.8

6.1

6.1

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable