Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-26752

    NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi i... Read more

    Affected Products : nedi
    • EPSS Score: %1.16
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26751

    NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access t... Read more

    Affected Products : nedi
    • EPSS Score: %0.37
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26750

    DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file.... Read more

    • EPSS Score: %0.05
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26747

    Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.... Read more

    • EPSS Score: %24.40
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26746

    Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.... Read more

    Affected Products : chamilo_lms chamilo
    • EPSS Score: %0.47
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26740

    Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.... Read more

    Affected Products : doyocms doyocms
    • EPSS Score: %0.85
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26739

    SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.... Read more

    Affected Products : doyocms doyocms
    • EPSS Score: %0.62
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26738

    Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. ... Read more

    Affected Products : client_connector
    • EPSS Score: %0.04
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26737

    The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. ... Read more

    Affected Products : client_connector
    • EPSS Score: %0.02
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26736

    Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. ... Read more

    Affected Products : client_connector
    • EPSS Score: %0.03
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26735

    The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. ... Read more

    Affected Products : client_connector
    • EPSS Score: %0.04
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26734

    Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context. ... Read more

    Affected Products : client_connector
    • EPSS Score: %0.02
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-26733

    A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A st... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.04
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26732

    A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.04
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26731

    Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affect... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.33
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26730

    A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.19
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26729

    Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner In... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.36
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26728

    Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.64
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26727

    Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner ... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.49
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26726

    A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.... Read more

    Affected Products : dna
    • EPSS Score: %1.08
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291531 Results