Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2021-26636

    Stored XSS and SQL injection vulnerabilities in MaxBoard could lead to remote code execution, which could lead to information exposure and privilege escalation....

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.76
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26635

    In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result,...

    Affected Products : ark_library
    • EPSS Score: %3.60
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26634

    SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files comprising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these ...

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.47
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26633

    SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. These vulnerabilities can be exploited by manipulating a variable with a desired value and inserting an arbitrary file....

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.22
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2021-26631

    An improper input validation vulnerability in the Mangboard commerce package could lead to abnormal requests. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order....

    Affected Products : commerce
    • EPSS Score: %0.33
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26630

    An improper input validation vulnerability in HANDY Groupware’s ActiveX module allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable ...

    Affected Products : windows groupware
    • EPSS Score: %0.37
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26629

    A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’....

    Affected Products : windows xplatform
    • EPSS Score: %1.76
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-26628

    Insufficient script validation of the admin page enables XSS, which allows unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary ...

    Affected Products : maxboard linux_kernel
    • EPSS Score: %0.30
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-26627

    Real-time image information exposure is caused by insufficient authentication for the activated RTSP port. This vulnerability could allow remote attackers to send RTSP requests using the ffplay command, leading to leakage of a live image....

    Affected Products : qcp200w_firmware qcp200w
    • EPSS Score: %0.38
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26626

    An improper input validation vulnerability in XPLATFORM's execBrowser method can lead to execution of arbitrary commands. If the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The...

    Affected Products : windows xplatform
    • EPSS Score: %0.70
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26625

    Insufficient verification of input data, leading to arbitrary file download and execution, was discovered in the Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote atta...

    Affected Products : windows nexacro
    • EPSS Score: %0.20
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26624

    A local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to the "runasroot" command. This vulnerability can induce remote attacke...

    Affected Products : escan_anti-virus
    • EPSS Score: %1.88
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26623

    A remote code execution vulnerability due to an incomplete check of the 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can use this function to run malicious code....

    Affected Products : windows bandizip
    • EPSS Score: %0.69
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-26622

    A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in N...

    Affected Products : windows genian_nac
    • EPSS Score: %2.27
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26621

    A buffer overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function....

    Affected Products : mex01_firmware mex01
    • EPSS Score: %3.31
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-26620

    An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when access...

    • EPSS Score: %0.61
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-26619

    A path traversal vulnerability leading to arbitrary file deletion was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of an unspecified number of users....

    Affected Products : windows bigfileagent
    • EPSS Score: %1.24
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26618

    An improper input validation vulnerability leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers can use this vulnerability to execute arbitrary files containing malicious code....

    Affected Products : windows tooffice
    • EPSS Score: %0.42
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26617

    This issue is due to insufficient verification of the various input values from the user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via the navercheckout_add function....

    Affected Products : windows firstmall
    • EPSS Score: %0.73
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26616

    An OS command injection was found in SecuwaySSL, where special characters can be injected into the executed command through runCommand arguments....

    Affected Products : secuwayssl_u
    • EPSS Score: %0.66
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results