Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-27964

    SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of th... Read more

    Affected Products : sonlogger
    • EPSS Score: %65.49
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-27963

    SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.... Read more

    Affected Products : sonlogger
    • EPSS Score: %4.50
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-27962

    Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.... Read more

    Affected Products : grafana
    • EPSS Score: %0.27
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27956

    Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %1.49
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-27954

    A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a... Read more

    Affected Products : ecobee3_lite_firmware ecobee3_lite
    • EPSS Score: %0.39
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27953

    A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a craf... Read more

    Affected Products : ecobee3_lite_firmware ecobee3_lite
    • EPSS Score: %1.26
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27952

    Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.... Read more

    Affected Products : ecobee3_lite_firmware ecobee3_lite
    • EPSS Score: %0.36
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27950

    A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.... Read more

    Affected Products : azurcms
    • EPSS Score: %0.47
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27949

    Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.... Read more

    Affected Products : mybb
    • EPSS Score: %0.22
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-27948

    SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).... Read more

    Affected Products : mybb
    • EPSS Score: %0.27
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-27947

    SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).... Read more

    Affected Products : mybb
    • EPSS Score: %0.27
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27946

    SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).... Read more

    Affected Products : mybb
    • EPSS Score: %0.23
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27945

    The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will... Read more

    Affected Products : squirro
    • EPSS Score: %0.37
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-27944

    Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack... Read more

    • EPSS Score: %1.07
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27943

    The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to ... Read more

    • EPSS Score: %0.20
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-27942

    Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed.... Read more

    • EPSS Score: %0.06
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2021-27941

    Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and ... Read more

    Affected Products : ewelink
    • EPSS Score: %0.12
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27940

    resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.... Read more

    Affected Products : orchestrator
    • EPSS Score: %0.42
    • Published: Mar. 03, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27938

    A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a sp... Read more

    Affected Products : silverstripe_queued_jobs
    • EPSS Score: %0.24
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27935

    An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.... Read more

    Affected Products : adguard_home
    • EPSS Score: %0.32
    • Published: Mar. 03, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results