Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2021-27449

    Mesa Labs AmegaView versions 3.0 and prior have a command injection vulnerability that can be exploited to execute commands in the web server.

    Affected Products : amegaview
    • EPSS Score: 1.08%
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27448

    A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).

    Affected Products : mu320e_firmware mu320e
    • EPSS Score: 0.05%
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-27447

    Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.

    Affected Products : amegaview
    • EPSS Score: 1.46%
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-27446

    The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operating system.

    • EPSS Score: 0.28%
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27445

    Mesa Labs AmegaView versions 3.0 and prior have insecure file permissions that could be exploited to escalate privileges on the device.

    Affected Products : amegaview
    • EPSS Score: 0.03%
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27444

    The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

    • EPSS Score: 0.30%
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2021-27442

    The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

    • EPSS Score: 0.14%
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27440

    The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).

    Affected Products : reason_dr60_firmware reason_dr60
    • EPSS Score: 0.27%
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27439

    TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc': incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected beh...

    Affected Products : tencentos-tiny
    • EPSS Score: 1.05%
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-27438

    The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).

    Affected Products : reason_dr60_firmware reason_dr60
    • EPSS Score: 0.28%
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-27437

    The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitatio...

    Affected Products : wise-paas/rmm
    • EPSS Score: 0.17%
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-27436

    WebAccess/SCADA versions 9.0 and prior are vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user ...

    Affected Products : webaccess/scada
    • EPSS Score: 0.18%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27435

    ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

    Affected Products : mbed
    • EPSS Score: 3.52%
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27434

    Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

    • EPSS Score: 0.22%
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27433

    ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

    Affected Products : mbed_ualloc
    • EPSS Score: 3.78%
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27432

    OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

    • EPSS Score: 0.22%
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27431

    ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in osRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution...

    Affected Products : cmsis-rtos
    • EPSS Score: 0.49%
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 8.4

    HIGH
    CVE-2021-27430

    GE UR bootloader binary Versions 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

    Affected Products : ur_bootloader_binary
    • EPSS Score: 0.08%
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27429

    Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.

    • EPSS Score: 0.04%
    • Published: Nov. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-27428

    GE UR IED firmware versions prior to version 8.1x support upgrading firmware using the UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of the firmware file before uploading the UR IED. An illegitimate...

    • EPSS Score: 0.24%
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291672 Results