Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2021-26729

    Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner In... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.36
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26728

    Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.64
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26727

    Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner ... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.49
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26726

    A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.... Read more

    Affected Products : dna
    • EPSS Score: %1.08
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-26725

    Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versi... Read more

    • EPSS Score: %0.53
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-26724

    OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 versio... Read more

    • EPSS Score: %2.71
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26723

    Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.... Read more

    Affected Products : jenzabar
    • EPSS Score: %64.22
    • Published: Feb. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26722

    LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.... Read more

    Affected Products : oncall
    • EPSS Score: %29.91
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26720

    avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /ru... Read more

    Affected Products : debian_linux avahi
    • EPSS Score: %0.03
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26719

    A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can... Read more

    • EPSS Score: %0.59
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26718

    KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.... Read more

    Affected Products : internet_security
    • EPSS Score: %0.05
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-26717

    An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send... Read more

    Affected Products : asterisk certified_asterisk
    • EPSS Score: %0.44
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26716

    Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.... Read more

    Affected Products : emoncms
    • EPSS Score: %0.22
    • Published: Feb. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-26715

    The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An u... Read more

    Affected Products : connect
    • EPSS Score: %0.55
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26714

    The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application... Read more

    Affected Products : micontact_center_enterprise
    • EPSS Score: %0.92
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26713

    A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multipl... Read more

    Affected Products : asterisk certified_asterisk
    • EPSS Score: %0.16
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-26712

    Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.... Read more

    Affected Products : asterisk certified_asterisk
    • EPSS Score: %1.65
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-26711

    A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.... Read more

    Affected Products : report2web
    • EPSS Score: %0.26
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26710

    A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.... Read more

    Affected Products : report2web
    • EPSS Score: %17.80
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26709

    D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that... Read more

    Affected Products : dsl-320b-d1 dsl-320b-d1
    • EPSS Score: %39.84
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results