Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-27715

    An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 that allows attackers to bypass the authentication and execute arbitrary code via a crafted HTTP request....

    • EPSS Score: 0.06%
    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27710

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs becau...

    • EPSS Score: 20.15%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27708

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs becau...

    • EPSS Score: 20.15%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27707

    Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex" request. This occurs because the "formDelPortMapping" function directly passes the para...

    Affected Products : g1_firmware g3_firmware g3 g1
    • EPSS Score: 3.11%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27706

    Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex" request. This occurs because the "formIPMacBindDel" function directly passes the ...

    Affected Products : g1_firmware g3_firmware g3 g1
    • EPSS Score: 3.11%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27705

    Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex" request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIn...

    Affected Products : g1_firmware g3_firmware g3 g1
    • EPSS Score: 3.11%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27698

    RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function....

    Affected Products : riot
    • EPSS Score: 0.46%
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27697

    RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function....

    Affected Products : riot
    • EPSS Score: 0.46%
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-27695

    Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters....

    Affected Products : openmaint
    • EPSS Score: 0.81%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27693

    Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage....

    Affected Products : publiccms
    • EPSS Score: 0.11%
    • Published: Sep. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27692

    Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUS...

    Affected Products : g1_firmware g3_firmware g3 g1
    • EPSS Score: 2.58%
    • Published: Apr. 16, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27691

    Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN, and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS comm...

    Affected Products : g0_firmware g1_firmware g3_firmware g3 g0 g1
    • EPSS Score: 3.50%
    • Published: Apr. 16, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27679

    Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name....

    Affected Products : batflat
    • EPSS Score: 0.13%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27678

    Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name....

    Affected Products : batflat
    • EPSS Score: 0.14%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27677

    Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name....

    Affected Products : batflat
    • EPSS Score: 0.14%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27676

    Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration > Not...

    Affected Products : centreon
    • EPSS Score: 0.04%
    • Published: May 26, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-27673

    Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component....

    Affected Products : zenario
    • EPSS Score: 0.23%
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-27672

    SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component....

    Affected Products : zenario
    • EPSS Score: 0.22%
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-27671

    An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack....

    Affected Products : comrak
    • EPSS Score: 0.22%
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27670

    Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter....

    Affected Products : appspace
    • EPSS Score: 91.94%
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024