Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-28290

    A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter.... Read more

    Affected Products : identityserver4.admin
    • EPSS Score: %0.21
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-28280

    CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML... Read more

    Affected Products : phpfusion
    • EPSS Score: %0.30
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28278

    A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.... Read more

    Affected Products : jhead
    • EPSS Score: %0.09
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28277

    A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.... Read more

    Affected Products : jhead
    • EPSS Score: %0.09
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28276

    A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.... Read more

    Affected Products : jhead
    • EPSS Score: %0.08
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28275

    A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.... Read more

    Affected Products : jhead
    • EPSS Score: %0.06
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28271

    Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' fla... Read more

    Affected Products : 701clientsql 701server 701serversql
    • EPSS Score: %1.81
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28269

    Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.... Read more

    Affected Products : 701client
    • EPSS Score: %1.81
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28250

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This... Read more

    Affected Products : ehealth_performance_manager
    • EPSS Score: %0.05
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28249

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically lin... Read more

    Affected Products : ehealth_performance_manager
    • EPSS Score: %0.05
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28248

    CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually ... Read more

    Affected Products : ehealth
    • EPSS Score: %0.24
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28247

    CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflect... Read more

    Affected Products : ehealth_performance_manager
    • EPSS Score: %0.15
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28246

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executabl... Read more

    Affected Products : ehealth
    • EPSS Score: %0.06
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28245

    PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.... Read more

    Affected Products : pbootcms
    • EPSS Score: %0.24
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28242

    SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.... Read more

    Affected Products : b2evolution
    • EPSS Score: %0.48
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28237

    LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.... Read more

    Affected Products : libredwg
    • EPSS Score: %0.41
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28236

    LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.... Read more

    Affected Products : libredwg
    • EPSS Score: %0.44
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28233

    Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c.... Read more

    Affected Products : ok-file-formats
    • EPSS Score: %0.35
    • Published: Aug. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28216

    BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.... Read more

    Affected Products : edk_ii
    • EPSS Score: %0.16
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28213

    Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.... Read more

    Affected Products : edk_ii edk2
    • EPSS Score: %0.37
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291739 Results