Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2021-26678

    A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an ...

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.47
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26677

    A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platfor...

    Affected Products : windows clearpass_policy_manager
    • EPSS Score: %0.04
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-26676

    gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

    Affected Products : debian_linux leap connman
    • EPSS Score: %0.11
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26675

    A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network-adjacent attackers to execute code.

    Affected Products : debian_linux leap connman
    • EPSS Score: %0.22
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26644

    SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is ...

    Affected Products : windows mangboard_wp mang_board
    • EPSS Score: %1.15
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26642

    When uploading an image file to a bulletin board developed with XpressEngine, an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code o...

    Affected Products : windows xpressengine
    • EPSS Score: %2.89
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-26639

    This vulnerability is caused by the lack of validation of input values for specific functions of WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files on the server without logging in to the system.

    Affected Products : linux_kernel smart_wing_cms
    • EPSS Score: %0.12
    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26638

    Improper Authentication vulnerability in S&D smarthome (smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulnerability to take control of the home environment including indoor control.

    Affected Products : s&d_smarthome
    • EPSS Score: %8.75
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26637

    There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.

    • EPSS Score: %0.93
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-26636

    Stored XSS and SQL injection vulnerability in MaxBoard could lead to remote code execution, which could lead to information exposure and privilege escalation.

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.76
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26635

    In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result,...

    Affected Products : ark_library
    • EPSS Score: %3.60
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26634

    SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these ...

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.47
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26633

    SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. These vulnerabilities can be exploited by manipulating a variable with a desired value and inserting an arbitrary file.

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.22
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2021-26631

    Improper input validation vulnerability in Mangboard commerce package could lead to abnormal requests. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order.

    Affected Products : commerce
    • EPSS Score: %0.33
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26630

    Improper input validation vulnerability in HANDY Groupware’s ActiveX module allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable ...

    Affected Products : windows groupware
    • EPSS Score: %0.37
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26629

    A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’.

    Affected Products : windows xplatform
    • EPSS Score: %1.76
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-26628

    Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary ...

    Affected Products : maxboard linux_kernel
    • EPSS Score: %0.30
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-26627

    Real-time image information exposure is caused by insufficient authentication for the activated RTSP port. This vulnerability could allow remote attackers to send RTSP requests using the ffplay command and lead to leakage of a live image.

    Affected Products : qcp200w_firmware qcp200w
    • EPSS Score: %0.38
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26626

    Improper input validation vulnerability in XPLATFORM's execBrowser method can lead to arbitrary command execution. If the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The...

    Affected Products : windows xplatform
    • EPSS Score: %0.70
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26625

    Insufficient verification of input data leading to arbitrary file download and execution was discovered in the Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote atta...

    Affected Products : windows nexacro
    • EPSS Score: %0.20
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291531 Results