Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2021-27673

    Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.... Read more

    Affected Products : zenario
    • EPSS Score: %0.23
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-27672

    SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.... Read more

    Affected Products : zenario
    • EPSS Score: %0.22
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27671

    An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.... Read more

    Affected Products : comrak
    • EPSS Score: %0.22
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27670

    Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.... Read more

    Affected Products : appspace
    • EPSS Score: %91.94
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-27668

    HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.... Read more

    Affected Products : vault
    • EPSS Score: %0.33
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27665

    An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.... Read more

    Affected Products : exacqvision_server
    • EPSS Score: %0.32
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27664

    Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.... Read more

    • EPSS Score: %0.27
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27663

    A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.... Read more

    Affected Products : ac2000_firmware ac2000
    • EPSS Score: %0.61
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-27662

    The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01... Read more

    • EPSS Score: %0.18
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27661

    Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by se... Read more

    Affected Products : f4-snc_firmware f4-snc
    • EPSS Score: %0.19
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27660

    An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.... Read more

    Affected Products : c-cure_9000_firmware c-cure_9000
    • EPSS Score: %1.16
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27659

    exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.... Read more

    • EPSS Score: %0.26
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27658

    exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.... Read more

    Affected Products : exacqvision_enterprise_manager
    • EPSS Score: %0.22
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27657

    Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys syst... Read more

    Affected Products : metasys
    • EPSS Score: %0.29
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27656

    A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.... Read more

    Affected Products : exacqvision_web_service
    • EPSS Score: %0.25
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27654

    Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.... Read more

    Affected Products : pega_platform infinity
    • EPSS Score: %0.13
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2021-27653

    Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.... Read more

    Affected Products : infinity
    • EPSS Score: %0.31
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27651

    In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.... Read more

    Affected Products : pega_platform infinity
    • EPSS Score: %90.36
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2021-27648

    Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.... Read more

    Affected Products : antivirus_essential
    • EPSS Score: %10.12
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27644

    In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)... Read more

    Affected Products : dolphinscheduler
    • EPSS Score: %3.94
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results