Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    • EPSS Score: 0.84%
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-28437

    Windows Installer Information Disclosure Vulnerability

    • EPSS Score: 0.45%
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-28436

    Windows Speech Runtime Elevation of Privilege Vulnerability

    • EPSS Score: 0.51%
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-28435

    Windows Event Tracing Information Disclosure Vulnerability

    • EPSS Score: 0.54%
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-28434

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

    • EPSS Score: 12.16%
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-28429

    Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.

    Affected Products : ffmpeg
    • EPSS Score: 0.02%
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-28428

    File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; ...

    Affected Products : horizontcms
    • EPSS Score: 0.41%
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-28427

    Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

    Affected Products : xnview
    • EPSS Score: 0.05%
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-28424

    A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.

    Affected Products : teachers_record_management_system
    • EPSS Score: 0.41%
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-28420

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.

    Affected Products : seo_panel
    • EPSS Score: 0.21%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-28419

    The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.

    Affected Products : seo_panel
    • EPSS Score: 9.23%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-28418

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.

    Affected Products : seo_panel
    • EPSS Score: 0.21%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-28417

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.

    Affected Products : seo_panel
    • EPSS Score: 0.21%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-28411

    An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.

    Affected Products : ruoyi
    • EPSS Score: 0.31%
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-28399

    OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.

    Affected Products : orangehrm
    • EPSS Score: 0.71%
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-28398

    A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perf...

    Affected Products : geonetwork
    • EPSS Score: 0.34%
    • Published: Sep. 05, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-28382

    Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.

    Affected Products : manageengine_key_manager_plus
    • EPSS Score: 19.52%
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-28381

    The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.

    Affected Products : vhs
    • EPSS Score: 0.37%
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-28380

    The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account.

    Affected Products : aimeos
    • EPSS Score: 0.27%
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-28379

    web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.

    Affected Products : vesta_control_panel myvesta
    • EPSS Score: 3.29%
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292425 Results