Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-27758

    There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account.... Read more

    Affected Products : bigfix_inventory
    • EPSS Score: %0.08
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27757

    " Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain acc... Read more

    Affected Products : bigfix_insights
    • EPSS Score: %0.15
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27756

    "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."... Read more

    Affected Products : bigfix_compliance
    • EPSS Score: %0.14
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27755

    "Sametime Android potential path traversal vulnerability when using File class"... Read more

    Affected Products : hcl_sametime
    • EPSS Score: %0.08
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27753

    "Sametime Android PathTraversal Vulnerability"... Read more

    Affected Products : hcl_sametime
    • EPSS Score: %0.08
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-27751

    HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.... Read more

    Affected Products : hcl_commerce commerce
    • EPSS Score: %0.04
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27746

    "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"... Read more

    Affected Products : connections
    • EPSS Score: %0.50
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-27741

    " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"... Read more

    Affected Products : hcl_commerce
    • EPSS Score: %0.37
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27738

    All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassi... Read more

    Affected Products : kylin
    • EPSS Score: %2.43
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27737

    Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.... Read more

    Affected Products : traffic_server
    • EPSS Score: %9.47
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-27736

    FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.... Read more

    Affected Products : saml_v2
    • EPSS Score: %0.28
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27734

    Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.... Read more

    Affected Products : hirschmann_hios hisecos
    • EPSS Score: %0.12
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27733

    In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.... Read more

    Affected Products : youtrack
    • EPSS Score: %0.01
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27731

    Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.... Read more

    Affected Products : fta
    • EPSS Score: %0.33
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27730

    Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.... Read more

    Affected Products : fta
    • EPSS Score: %0.42
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27722

    An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering.... Read more

    Affected Products : spotauditor
    • EPSS Score: %0.74
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27715

    An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.... Read more

    • EPSS Score: %0.06
    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-27710

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs becau... Read more

    • EPSS Score: %20.15
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-27708

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs becau... Read more

    • EPSS Score: %20.15
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27707

    Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the para... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • EPSS Score: %3.11
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291659 Results