Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2021-27526

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27524

    Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.... Read more

    Affected Products : braft-editor
    • EPSS Score: %0.10
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27523

    An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.... Read more

    Affected Products : dashboard
    • EPSS Score: %1.26
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27522

    Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.... Read more

    Affected Products : learnsite
    • EPSS Score: %0.55
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27520

    A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.... Read more

    Affected Products : fudforum fudforum
    • EPSS Score: %1.12
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27519

    A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.... Read more

    Affected Products : fudforum fudforum
    • EPSS Score: %3.83
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27517

    Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).... Read more

    Affected Products : phantompdf reader
    • EPSS Score: %0.47
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27516

    URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.... Read more

    Affected Products : uri.js urijs
    • EPSS Score: %0.55
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-27515

    url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.... Read more

    Affected Products : url-parse
    • EPSS Score: %0.19
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27514

    EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %13.67
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27513

    The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %44.97
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27509

    In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.... Read more

    Affected Products : myconnection_server
    • EPSS Score: %0.28
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27506

    The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is... Read more

    • EPSS Score: %0.14
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27505

    mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.... Read more

    Affected Products : mypro
    • EPSS Score: %0.21
    • Published: May. 13, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27504

    Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.... Read more

    • EPSS Score: %0.12
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-27503

    Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife ... Read more

    Affected Products : mylife mylife_cloud
    • EPSS Score: %0.15
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27502

    Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code ex... Read more

    • EPSS Score: %0.06
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27501

    Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.... Read more

    Affected Products : myvue speech vue_motion vue_pacs
    • EPSS Score: %0.22
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27500

    A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.... Read more

    Affected Products : opener
    • EPSS Score: %0.13
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-27499

    Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cl... Read more

    Affected Products : mylife mylife_cloud
    • EPSS Score: %0.10
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results