Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2021-27306

    An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT....

    Affected Products : kong_gateway
    • EPSS Score: 1.47%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27293

    RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck pr...

    Affected Products : restsharp
    • EPSS Score: 0.46%
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27292

    ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time....

    Affected Products : ua-parser-js
    • EPSS Score: 0.36%
    • Published: Mar. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27291

    In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input,...

    Affected Products : fedora debian_linux pygments
    • EPSS Score: 2.33%
    • Published: Mar. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27290

    ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the ...

    • EPSS Score: 2.66%
    • Published: Mar. 12, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-27288

    Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page....

    Affected Products : x2crm
    • EPSS Score: 0.20%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27279

    MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode)....

    Affected Products : mybb
    • EPSS Score: 0.38%
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-27278

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vul...

    Affected Products : parallels_desktop
    • EPSS Score: 0.05%
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27277

    This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

    Affected Products : orion_platform
    • EPSS Score: 2.21%
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-27276

    This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism ...

    Affected Products : prosafe_network_management_system
    • EPSS Score: 10.96%
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 8.3

    HIGH
    CVE-2021-27275

    This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the...

    Affected Products : prosafe_network_management_system
    • EPSS Score: 4.69%
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27274

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUp...

    Affected Products : prosafe_network_management_system
    • EPSS Score: 51.30%
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-27273

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism ...

    Affected Products : prosafe_network_management_system
    • EPSS Score: 40.41%
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-27272

    This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism ...

    Affected Products : prosafe_network_management_system
    • EPSS Score: 14.53%
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27271

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious ...

    Affected Products : foxit_reader phantompdf windows
    • EPSS Score: 4.54%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27270

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious ...

    Affected Products : foxit_reader phantompdf windows
    • EPSS Score: 2.96%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27269

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious ...

    Affected Products : foxit_reader phantompdf windows
    • EPSS Score: 4.57%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27268

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious ...

    Affected Products : foxit_reader phantompdf windows
    • EPSS Score: 3.06%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-27267

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious ...

    Affected Products : foxit_reader phantompdf windows
    • EPSS Score: 3.06%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-27266

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...

    Affected Products : foxit_reader phantompdf windows
    • EPSS Score: 3.77%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291647 Results