Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-28027

    An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.... Read more

    Affected Products : bam
    • EPSS Score: %0.42
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28026

    jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.... Read more

    Affected Products : jpeg-xl jpeg_xl
    • EPSS Score: %0.51
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28025

    Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).... Read more

    Affected Products : qt
    • EPSS Score: %0.03
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28024

    Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password.... Read more

    Affected Products : servicetonic
    • EPSS Score: %0.42
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28023

    Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.... Read more

    Affected Products : servicetonic
    • EPSS Score: %0.42
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28022

    Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.... Read more

    Affected Products : servicetonic
    • EPSS Score: %0.32
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28021

    Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.... Read more

    Affected Products : fedora debian_linux stb
    • EPSS Score: %0.21
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-28007

    Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.... Read more

    Affected Products : web_based_quiz_system
    • EPSS Score: %0.19
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-28006

    Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.... Read more

    Affected Products : web_based_quiz_system
    • EPSS Score: %0.21
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28002

    A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by us... Read more

    Affected Products : textpattern
    • EPSS Score: %0.23
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28001

    A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiti... Read more

    Affected Products : textpattern
    • EPSS Score: %0.34
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-28000

    A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields.... Read more

    • EPSS Score: %0.37
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-27999

    A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.... Read more

    • EPSS Score: %0.19
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27990

    Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.... Read more

    Affected Products : appspace
    • EPSS Score: %0.56
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27989

    Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.... Read more

    Affected Products : appspace
    • EPSS Score: %0.18
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-27984

    In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.... Read more

    Affected Products : pluck
    • EPSS Score: %4.25
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27983

    Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.... Read more

    Affected Products : maxsite_cms
    • EPSS Score: %10.61
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-27973

    SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.... Read more

    Affected Products : piwigo
    • EPSS Score: %0.27
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27971

    Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.... Read more

    Affected Products : touchpad_driver
    • EPSS Score: %0.16
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27969

    Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.... Read more

    Affected Products : dolphin
    • EPSS Score: %0.21
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291728 Results