Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-26795

    A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.... Read more

    Affected Products : sendquick_alert_plus_server_admin
    • EPSS Score: %0.32
    • Published: Nov. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26794

    Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.... Read more

    Affected Products : frogcms
    • EPSS Score: %0.85
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-26788

    Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have TCP connectivity to the target system. Receiving a malic... Read more

    Affected Products : cyclonetcp
    • EPSS Score: %0.16
    • Published: Mar. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26787

    A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter.... Read more

    Affected Products : workforce_management
    • EPSS Score: %0.53
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26786

    An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php.... Read more

    Affected Products : playtuber
    • EPSS Score: %0.94
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26777

    Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.... Read more

    • EPSS Score: %0.95
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-26776

    CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.... Read more

    Affected Products : csz_cms
    • EPSS Score: %0.17
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26765

    SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.... Read more

    • EPSS Score: %3.69
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26764

    SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.... Read more

    • EPSS Score: %3.09
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26762

    SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.... Read more

    • EPSS Score: %1.15
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-26758

    Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.... Read more

    Affected Products : openlitespeed
    • EPSS Score: %3.36
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26754

    wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.... Read more

    Affected Products : wpdatatables
    • EPSS Score: %9.12
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-26753

    NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all a... Read more

    Affected Products : nedi
    • EPSS Score: %0.58
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26752

    NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi i... Read more

    Affected Products : nedi
    • EPSS Score: %1.16
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26751

    NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access t... Read more

    Affected Products : nedi
    • EPSS Score: %0.37
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26750

    DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file.... Read more

    • EPSS Score: %0.05
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26747

    Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.... Read more

    • EPSS Score: %24.40
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26746

    Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.... Read more

    Affected Products : chamilo_lms chamilo
    • EPSS Score: %0.47
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26740

    Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.... Read more

    Affected Products : doyocms doyocms
    • EPSS Score: %0.85
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26739

    SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.... Read more

    Affected Products : doyocms doyocms
    • EPSS Score: %0.62
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291564 Results