Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-27140

    An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • EPSS Score: %0.05
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27139

    An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • EPSS Score: %0.05
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27138

    The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.... Read more

    Affected Products : u-boot
    • EPSS Score: %0.09
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27135

    xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.... Read more

    Affected Products : fedora debian_linux xterm
    • EPSS Score: %0.67
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27132

    SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.... Read more

    • EPSS Score: %79.53
    • Published: Feb. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27131

    Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to stea... Read more

    Affected Products : moodle
    • EPSS Score: %0.12
    • Published: May. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27130

    Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.... Read more

    Affected Products : online_reviewer_system
    • EPSS Score: %0.54
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27129

    CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.18
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-27124

    SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.... Read more

    Affected Products : doctor_appointment_system
    • EPSS Score: %22.29
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27117

    An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.... Read more

    Affected Products : beego
    • EPSS Score: %0.16
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27116

    An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.... Read more

    Affected Products : beego
    • EPSS Score: %0.16
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27114

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return ad... Read more

    • EPSS Score: %1.36
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-27113

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.... Read more

    • EPSS Score: %28.61
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27112

    LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.... Read more

    Affected Products : lightcms
    • EPSS Score: %2.23
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-27099

    In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust dom... Read more

    Affected Products : spire
    • EPSS Score: %0.21
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-27098

    In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFF... Read more

    Affected Products : spire
    • EPSS Score: %0.12
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27097

    The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.... Read more

    Affected Products : u-boot
    • EPSS Score: %0.09
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27096

    NTFS Elevation of Privilege Vulnerability... Read more

    • EPSS Score: %0.28
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-27095

    Windows Media Video Decoder Remote Code Execution Vulnerability... Read more

    • EPSS Score: %0.78
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-27094

    Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability... Read more

    • EPSS Score: %0.41
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291608 Results