Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-27545

    SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.... Read more

    Affected Products : beauty_parlour_management_system
    • EPSS Score: %0.85
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27544

    Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.... Read more

    Affected Products : beauty_parlour_management_system
    • EPSS Score: %0.26
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27531

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.... Read more

    Affected Products : dynpg
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27530

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.... Read more

    Affected Products : dynpg
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27529

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.16
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27528

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27527

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.16
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-27526

    A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.... Read more

    Affected Products : dynpg dynpg_cms
    • EPSS Score: %0.18
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27524

    Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.... Read more

    Affected Products : braft-editor
    • EPSS Score: %0.10
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27523

    An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.... Read more

    Affected Products : dashboard
    • EPSS Score: %1.26
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27522

    Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.... Read more

    Affected Products : learnsite
    • EPSS Score: %0.55
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27520

    A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.... Read more

    Affected Products : fudforum fudforum
    • EPSS Score: %1.12
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27519

    A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.... Read more

    Affected Products : fudforum fudforum
    • EPSS Score: %3.83
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27517

    Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).... Read more

    Affected Products : phantompdf reader
    • EPSS Score: %0.47
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27516

    URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.... Read more

    Affected Products : uri.js urijs
    • EPSS Score: %0.55
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-27515

    url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.... Read more

    Affected Products : url-parse
    • EPSS Score: %0.19
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27514

    EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %13.67
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-27513

    The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %44.97
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27509

    In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.... Read more

    Affected Products : myconnection_server
    • EPSS Score: %0.28
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27506

    The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is... Read more

    • EPSS Score: %0.14
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291739 Results