Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2021-27933 (CVSS 6.1, MEDIUM)
    pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
    Affected Products: pfsense
    EPSS Score: 1.46%
    Published: Apr. 28, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27932 (CVSS 7.8, HIGH)
    Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.
    Affected Products: ssl_vpn_client
    EPSS Score: 0.05%
    Published: Aug. 25, 2023 | Modified: Nov. 21, 2024
  • CVE-2021-27931 (CVSS 9.1, CRITICAL)
    LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of ser...
    Affected Products: lumis_experience_platform
    EPSS Score: 86.57%
    Published: Mar. 03, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27930 (CVSS 5.4, MEDIUM)
    Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code ...
    Affected Products: irisnext
    EPSS Score: 0.10%
    Published: Jul. 06, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27928 (CVSS 9.0, HIGH)
    A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path le...
    EPSS Score: 48.95%
    Published: Mar. 19, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27927 (CVSS 8.8, HIGH)
    In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSI...
    Affected Products: zabbix
    EPSS Score: 0.38%
    Published: Mar. 03, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27925 (CVSS 4.4, MEDIUM)
    An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have ...
    Affected Products: couchbase_server
    EPSS Score: 0.22%
    Published: May. 19, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27924 (CVSS 5.9, MEDIUM)
    An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expi...
    Affected Products: couchbase_server
    EPSS Score: 0.16%
    Published: May. 19, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27919 (CVSS 5.5, MEDIUM)
    archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
    Affected Products: fedora, go
    EPSS Score: 0.13%
    Published: Mar. 11, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27918 (CVSS 7.5, HIGH)
    encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
    Affected Products: go
    EPSS Score: 0.03%
    Published: Mar. 11, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27914 (CVSS 7.6, HIGH)
    A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript...
    Affected Products: mautic
    EPSS Score: 0.38%
    Published: Jun. 01, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-27913 (CVSS 3.5, LOW)
    The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session ...
    Affected Products: mautic
    EPSS Score: 0.09%
    Published: Aug. 30, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27912 (CVSS 7.1, HIGH)
    Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permissio...
    Affected Products: mautic
    EPSS Score: 0.39%
    Published: Aug. 30, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27911 (CVSS 8.3, HIGH)
    Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact...
    Affected Products: mautic
    EPSS Score: 0.35%
    Published: Aug. 30, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27910 (CVSS 8.2, HIGH)
    Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management cal...
    Affected Products: mautic
    EPSS Score: 0.30%
    Published: Aug. 30, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27909 (CVSS 6.3, MEDIUM)
    For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or tr...
    Affected Products: mautic
    EPSS Score: 9.70%
    Published: Aug. 30, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27908 (CVSS 5.8, MEDIUM)
    In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used ...
    Affected Products: mautic
    EPSS Score: 0.11%
    Published: Mar. 23, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27907 (CVSS 5.4, MEDIUM)
    Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in ...
    Affected Products: superset
    EPSS Score: 2.92%
    Published: Mar. 05, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27906 (CVSS 5.5, MEDIUM)
    A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
    EPSS Score: 0.33%
    Published: Mar. 19, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-27905 (CVSS 9.8, CRITICAL)
    The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the...
    Affected Products: solr
    EPSS Score: 94.18%
    Published: Apr. 13, 2021 | Modified: Nov. 21, 2024