Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-27564

    A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.... Read more

    Affected Products : appspace
    • EPSS Score: %0.42
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27559

    The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.... Read more

    Affected Products : monica
    • EPSS Score: %0.19
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27558

    A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.... Read more

    Affected Products : zentao
    • EPSS Score: %0.22
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-27557

    A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.... Read more

    Affected Products : zentao
    • EPSS Score: %0.12
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-27556

    The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.... Read more

    Affected Products : zentao
    • EPSS Score: %9.12
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27550

    Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.... Read more

    Affected Products : polaris_office
    • EPSS Score: %0.18
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-27549

    Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen... Read more

    Affected Products : genymotion_desktop
    • EPSS Score: %0.22
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27548

    There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.... Read more

    Affected Products : xpdf
    • EPSS Score: %0.17
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-27545

    SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.... Read more

    Affected Products : beauty_parlour_management_system
    • EPSS Score: %0.85
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27544

    Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.... Read more

    Affected Products : beauty_parlour_management_system
    • EPSS Score: %0.26
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27531

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.... Read more

    Affected Products : dynpg
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27530

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.... Read more

    Affected Products : dynpg
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27529

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.16
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27528

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27527

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.16
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27526

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27524

    Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.... Read more

    Affected Products : braft-editor
    • EPSS Score: %0.10
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27523

    An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.... Read more

    Affected Products : dashboard
    • EPSS Score: %1.26
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27522

    Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.... Read more

    Affected Products : learnsite
    • EPSS Score: %0.55
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27520

    A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.... Read more

    Affected Products : fudforum fudforum
    • EPSS Score: %1.12
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results