Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.6

    HIGH
    CVE-2021-27914

    A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript...

    Affected Products : mautic
    • EPSS Score: 0.38%
    • Published: Jun. 01, 2022
    • Modified: Nov. 21, 2024
  • 3.5

    LOW
    CVE-2021-27913

    The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session ...

    Affected Products : mautic
    • EPSS Score: 0.09%
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-27912

    Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permissio...

    Affected Products : mautic
    • EPSS Score: 0.39%
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 8.3

    HIGH
    CVE-2021-27911

    Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact...

    Affected Products : mautic
    • EPSS Score: 0.35%
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-27910

    Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management cal...

    Affected Products : mautic
    • EPSS Score: 0.30%
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2021-27909

    For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or tr...

    Affected Products : mautic
    • EPSS Score: 9.70%
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-27908

    In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic's configuration that are used ...

    Affected Products : mautic
    • EPSS Score: 0.11%
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27907

    Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in ...

    Affected Products : superset
    • EPSS Score: 2.92%
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-27906

    A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions....

    • EPSS Score: 0.33%
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27905

    The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the...

    Affected Products : solr
    • EPSS Score: 94.18%
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-27904

    An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors....

    Affected Products : misp
    • EPSS Score: 0.05%
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27903

    An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session)...

    Affected Products : craft_cms
    • EPSS Score: 3.82%
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-27902

    An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads....

    Affected Products : craft_cms
    • EPSS Score: 0.42%
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2021-27901

    An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021)....

    Affected Products : android
    • EPSS Score: 0.04%
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-27900

    The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All vers...

    Affected Products : insider_threat_management
    • EPSS Score: 0.24%
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2021-27899

    The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-midd...

    Affected Products : insider_threat_management
    • EPSS Score: 0.11%
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2021-27893

    SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected....

    • EPSS Score: 0.05%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27892

    SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected....

    • EPSS Score: 0.05%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-27891

    SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected....

    • EPSS Score: 0.51%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-27890

    SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files....

    Affected Products : mybb
    • EPSS Score: 5.71%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results