Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2021-28000

    A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields.... Read more

    • EPSS Score: %0.37
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-27999

    A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.... Read more

    • EPSS Score: %0.19
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27990

    Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.... Read more

    Affected Products : appspace
    • EPSS Score: %0.56
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27989

    Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.... Read more

    Affected Products : appspace
    • EPSS Score: %0.18
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-27984

    In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.... Read more

    Affected Products : pluck
    • EPSS Score: %4.25
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27983

    Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.... Read more

    Affected Products : maxsite_cms
    • EPSS Score: %10.61
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-27973

    SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.... Read more

    Affected Products : piwigo
    • EPSS Score: %0.27
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27971

    Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.... Read more

    Affected Products : touchpad_driver
    • EPSS Score: %0.16
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27969

    Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.... Read more

    Affected Products : dolphin
    • EPSS Score: %0.21
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27965

    The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.... Read more

    Affected Products : dragon_center
    • EPSS Score: %22.63
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27964

    SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of th... Read more

    Affected Products : sonlogger
    • EPSS Score: %65.49
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-27963

    SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.... Read more

    Affected Products : sonlogger
    • EPSS Score: %4.50
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-27962

    Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.... Read more

    Affected Products : grafana
    • EPSS Score: %0.27
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27956

    Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %1.49
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-27954

    A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a... Read more

    Affected Products : ecobee3_lite_firmware ecobee3_lite
    • EPSS Score: %0.39
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27953

    A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a craf... Read more

    Affected Products : ecobee3_lite_firmware ecobee3_lite
    • EPSS Score: %1.26
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27952

    Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.... Read more

    Affected Products : ecobee3_lite_firmware ecobee3_lite
    • EPSS Score: %0.36
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27950

    A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.... Read more

    Affected Products : azurcms
    • EPSS Score: %0.47
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27949

    Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.... Read more

    Affected Products : mybb
    • EPSS Score: %0.22
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-27948

    SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).... Read more

    Affected Products : mybb
    • EPSS Score: %0.27
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291737 Results