Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2021-27900

    The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All vers...

    Affected Products: insider_threat_management
    • EPSS Score: 0.24%
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2021-27899

    The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-midd...

    Affected Products: insider_threat_management
    • EPSS Score: 0.11%
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2021-27893

    SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected....

    • EPSS Score: 0.05%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27892

    SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected....

    • EPSS Score: 0.05%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-27891

    SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected....

    • EPSS Score: 0.51%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-27890

    SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files....

    Affected Products: mybb
    • EPSS Score: 5.71%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-27889

    Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages....

    Affected Products: mybb
    • EPSS Score: 2.24%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-27888

    ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters....

    Affected Products: zendto
    • EPSS Score: 0.32%
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2021-27887

    Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects...

    • EPSS Score: 0.27%
    • Published: Jun. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27886

    rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product....

    Affected Products: docker_dashboard
    • EPSS Score: 4.11%
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-27885

    usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism....

    Affected Products: e107
    • EPSS Score: 0.34%
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 5.1

    MEDIUM
    CVE-2021-27884

    Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used....

    Affected Products: yapi
    • EPSS Score: 0.06%
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-27878

    An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authen...

    Affected Products: backup_exec
    • Actively Exploited
    • EPSS Score: 0.98%
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27877

    An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An ...

    Affected Products: backup_exec
    • Actively Exploited
    • EPSS Score: 0.97%
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-27876

    An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authen...

    Affected Products: backup_exec
    • Actively Exploited
    • EPSS Score: 0.64%
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-27859

    A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with admi...

    • EPSS Score: 0.75%
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-27858

    A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impa...

    • EPSS Score: 0.39%
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27857

    A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs...

    • EPSS Score: 0.50%
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27856

    FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory ide...

    • EPSS Score: 0.62%
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-27855

    FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable...

    • EPSS Score: 1.14%
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291783 Results