Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2021-26248

    Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.... Read more

    • EPSS Score: %0.05
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26247

    As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.... Read more

    Affected Products : cacti
    • EPSS Score: %31.02
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26237

    FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) o... Read more

    Affected Products : image_viewer
    • EPSS Score: %0.20
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26236

    FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handle... Read more

    Affected Products : image_viewer
    • EPSS Score: %1.00
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26235

    FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Servi... Read more

    Affected Products : image_viewer
    • EPSS Score: %0.32
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26234

    FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) o... Read more

    Affected Products : image_viewer
    • EPSS Score: %0.32
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26233

    FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Servi... Read more

    Affected Products : image_viewer
    • EPSS Score: %0.32
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26232

    SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php.... Read more

    Affected Products : simple_college_website
    • EPSS Score: %0.49
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26231

    SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php.... Read more

    Affected Products : fantastic_blog_cms
    • EPSS Score: %0.62
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26230

    Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.22
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26229

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.51
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26228

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.62
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26227

    Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.22
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26226

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.51
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26224

    Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php.... Read more

    Affected Products : fantastic_blog_cms fantastic_blog
    • EPSS Score: %0.22
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26223

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.51
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-26222

    The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.... Read more

    Affected Products : ezxml
    • EPSS Score: %0.44
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-26221

    The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.... Read more

    Affected Products : ezxml
    • EPSS Score: %0.44
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-26220

    The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.... Read more

    Affected Products : ezxml
    • EPSS Score: %0.44
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-26216

    SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.... Read more

    Affected Products : seeddms
    • EPSS Score: %0.16
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291558 Results