Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-28126

    index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability... Read more

    • EPSS Score: %0.24
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-28125

    Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashb... Read more

    Affected Products : superset
    • EPSS Score: %4.82
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-28124

    A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support... Read more

    Affected Products : dataplatform cohesity_dataplatform
    • EPSS Score: %0.30
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28123

    Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version.... Read more

    Affected Products : dataplatform cohesity_dataplatform
    • EPSS Score: %0.84
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28122

    A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example,... Read more

    Affected Products : open5gs
    • EPSS Score: %1.10
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28121

    Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field.... Read more

    Affected Products : virtual_robots.txt
    • EPSS Score: %0.98
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28119

    Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.... Read more

    Affected Products : twinkle_tray
    • EPSS Score: %6.47
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28117

    libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed ver... Read more

    Affected Products : discover
    • EPSS Score: %0.71
    • Published: Mar. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-28116

    Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.... Read more

    Affected Products : fedora debian_linux squid
    • EPSS Score: %4.63
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-28115

    The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation.... Read more

    Affected Products : ougc_feedback
    • EPSS Score: %0.24
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28114

    Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.... Read more

    Affected Products : froala_editor
    • EPSS Score: %0.57
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2021-28113

    A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.... Read more

    Affected Products : access_gateway
    • EPSS Score: %3.01
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28112

    Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker.... Read more

    • EPSS Score: %2.34
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28111

    Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker.... Read more

    • EPSS Score: %2.96
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28110

    /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.... Read more

    • EPSS Score: %0.30
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-28109

    TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).... Read more

    Affected Products : tranzware_fimi
    • EPSS Score: %0.24
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28100

    Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.... Read more

    Affected Products : priam
    • EPSS Score: %0.04
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-28099

    In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created ca... Read more

    Affected Products : hollow
    • EPSS Score: %0.04
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28098

    An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout S... Read more

    Affected Products : counteract
    • EPSS Score: %0.05
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-28096

    An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.... Read more

    Affected Products : stormshield_network_security
    • EPSS Score: %0.38
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results