Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-27762

    Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses...

    Affected Products: bigfix_platform
    • EPSS Score: 0.27%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27761

    Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks...

    Affected Products: bigfix_platform
    • EPSS Score: 0.12%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 6.0

    MEDIUM
    CVE-2021-27760

    An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Java...

    Affected Products: hcl_inotes
    • EPSS Score: 0.47%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-27759

    This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the appli...

    Affected Products: bigfix_inventory
    • EPSS Score: 0.10%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-27758

    There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account....

    Affected Products: bigfix_inventory
    • EPSS Score: 0.08%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27757

    Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain acc...

    Affected Products: bigfix_insights
    • EPSS Score: 0.15%
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27756

    "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...

    Affected Products: bigfix_compliance
    • EPSS Score: 0.14%
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-27755

    "Sametime Android potential path traversal vulnerability when using File class"...

    Affected Products: hcl_sametime
    • EPSS Score: 0.08%
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-27753

    "Sametime Android PathTraversal Vulnerability"...

    Affected Products: hcl_sametime
    • EPSS Score: 0.08%
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024
  • 4.4

    MEDIUM
    CVE-2021-27751

    HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible....

    Affected Products: hcl_commerce commerce
    • EPSS Score: 0.04%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27746

    "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"...

    Affected Products: connections
    • EPSS Score: 0.50%
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-27741

    "Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"...

    Affected Products: hcl_commerce
    • EPSS Score: 0.37%
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27738

    All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassi...

    Affected Products: kylin
    • EPSS Score: 2.43%
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27737

    Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin....

    Affected Products: traffic_server
    • EPSS Score: 9.47%
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-27736

    FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely....

    Affected Products: saml_v2
    • EPSS Score: 0.28%
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27734

    Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users....

    Affected Products: hirschmann_hios hisecos
    • EPSS Score: 0.12%
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27733

    In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment....

    Affected Products: youtrack
    • EPSS Score: 0.01%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-27731

    Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later....

    Affected Products: fta
    • EPSS Score: 0.33%
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27730

    Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later....

    Affected Products: fta
    • EPSS Score: 0.42%
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27722

    An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering....

    Affected Products: spotauditor
    • EPSS Score: 0.74%
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291737 Results