Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-26777

    Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.

    • EPSS Score: 0.95%
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-26776

    CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.

    Affected Products : csz_cms
    • EPSS Score: 0.17%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26765

    SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.

    • EPSS Score: 3.69%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26764

    SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.

    • EPSS Score: 3.09%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26762

    SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.

    • EPSS Score: 1.15%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-26758

    Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.

    Affected Products : openlitespeed
    • EPSS Score: 3.36%
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26754

    wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.

    Affected Products : wpdatatables
    • EPSS Score: 9.12%
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-26753

    NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all a...

    Affected Products : nedi
    • EPSS Score: 0.58%
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26752

    NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi i...

    Affected Products : nedi
    • EPSS Score: 1.16%
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26751

    NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access t...

    Affected Products : nedi
    • EPSS Score: 0.37%
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26750

    DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file.

    • EPSS Score: 0.05%
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26747

    Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.

    • EPSS Score: 24.40%
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-26746

    Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.

    Affected Products : chamilo_lms chamilo
    • EPSS Score: 0.47%
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26740

    Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.

    Affected Products : doyocms doyocms
    • EPSS Score: 0.85%
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26739

    SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.

    Affected Products : doyocms doyocms
    • EPSS Score: 0.62%
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26738

    Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.

    Affected Products : client_connector
    • EPSS Score: 0.04%
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-26737

    The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.

    Affected Products : client_connector
    • EPSS Score: 0.02%
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26736

    Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.

    Affected Products : client_connector
    • EPSS Score: 0.03%
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26735

    The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.

    Affected Products : client_connector
    • EPSS Score: 0.04%
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-26734

    Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.

    Affected Products : client_connector
    • EPSS Score: 0.02%
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024