Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-27224

    The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.... Read more

    Affected Products : irfanview wpg
    • EPSS Score: %4.02
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27223

    A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered... Read more

    • EPSS Score: %0.05
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27222

    In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS.... Read more

    Affected Products : time_in_status
    • EPSS Score: %0.26
    • Published: Mar. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2021-27221

    MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work... Read more

    Affected Products : routeros
    • EPSS Score: %37.81
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-27220

    An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server.... Read more

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.36
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27219

    An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.... Read more

    • EPSS Score: %0.25
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27218

    An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.... Read more

    • EPSS Score: %3.81
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-27217

    An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes... Read more

    Affected Products : yubihsm-shell
    • EPSS Score: %0.62
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-27216

    Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.... Read more

    Affected Products : exim
    • EPSS Score: %0.16
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27215

    An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authenti... Read more

    Affected Products : genuagate
    • EPSS Score: %0.78
    • Published: Mar. 03, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27214

    A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack aga... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %10.52
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27213

    config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.... Read more

    Affected Products : pystemon
    • EPSS Score: %0.39
    • Published: Feb. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27212

    In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema... Read more

    Affected Products : debian_linux openldap
    • EPSS Score: %25.38
    • Published: Feb. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27211

    steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.... Read more

    Affected Products : steghide
    • EPSS Score: %0.64
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-27210

    TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.... Read more

    Affected Products : archer_c5v_firmware archer_c5v
    • EPSS Score: %0.10
    • Published: Feb. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-27209

    In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.... Read more

    Affected Products : archer_c5v_firmware archer_c5v
    • EPSS Score: %0.02
    • Published: Feb. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-27208

    When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer ... Read more

    • EPSS Score: %0.19
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27205

    Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.... Read more

    Affected Products : macos telegram
    • EPSS Score: %0.03
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27204

    Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.... Read more

    Affected Products : macos telegram
    • EPSS Score: %0.03
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27203

    In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.... Read more

    Affected Products : private_disk
    • EPSS Score: %0.04
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291608 Results