Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2021-27582

    org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotati... Read more

    Affected Products : connect
    • EPSS Score: %0.62
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27581

    The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.... Read more

    Affected Products : kentico kentico_cms
    • EPSS Score: %0.42
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27579

    Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled vi... Read more

    Affected Products : snow_inventory_agent
    • EPSS Score: %0.06
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27578

    Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.... Read more

    Affected Products : zeppelin
    • EPSS Score: %5.04
    • Published: Sep. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27577

    Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.... Read more

    Affected Products : debian_linux traffic_server
    • EPSS Score: %0.66
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27576

    If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0... Read more

    Affected Products : openmeetings
    • EPSS Score: %5.92
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-27574

    An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warn... Read more

    Affected Products : emote_remote_mouse
    • EPSS Score: %0.20
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27573

    An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication.... Read more

    Affected Products : emote_remote_mouse
    • EPSS Score: %55.27
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-27572

    An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.... Read more

    Affected Products : emote_remote_mouse
    • EPSS Score: %2.81
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-27571

    An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.... Read more

    Affected Products : emote_remote_mouse
    • EPSS Score: %0.22
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-27570

    An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic.... Read more

    Affected Products : emote_remote_mouse
    • EPSS Score: %0.11
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-27569

    An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentica... Read more

    Affected Products : emote_remote_mouse
    • EPSS Score: %0.06
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-27568

    An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using t... Read more

    • EPSS Score: %0.53
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27565

    The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a mi... Read more

    Affected Products : nichestack
    • EPSS Score: %2.42
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27564

    A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.... Read more

    Affected Products : appspace
    • EPSS Score: %0.42
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27559

    The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.... Read more

    Affected Products : monica
    • EPSS Score: %0.19
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27558

    A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.... Read more

    Affected Products : zentao
    • EPSS Score: %0.22
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-27557

    A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.... Read more

    Affected Products : zentao
    • EPSS Score: %0.12
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-27556

    The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.... Read more

    Affected Products : zentao
    • EPSS Score: %9.12
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27550

    Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.... Read more

    Affected Products : polaris_office
    • EPSS Score: %0.18
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results