Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-26682

    A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to con... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.25
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-26681

    A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary command... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %3.56
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-26680

    A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %1.84
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-26679

    A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %3.29
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26678

    A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an ... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.47
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26677

    A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platfor... Read more

    Affected Products : windows clearpass_policy_manager
    • EPSS Score: %0.04
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26676

    gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.... Read more

    Affected Products : debian_linux leap connman
    • EPSS Score: %0.11
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26675

    A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.... Read more

    Affected Products : debian_linux leap connman
    • EPSS Score: %0.22
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26644

    SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is ... Read more

    Affected Products : windows mangboard_wp mang_board
    • EPSS Score: %1.15
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26642

    When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code o... Read more

    Affected Products : windows xpressengine
    • EPSS Score: %2.89
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-26639

    This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.... Read more

    Affected Products : linux_kernel smart_wing_cms
    • EPSS Score: %0.12
    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26638

    Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control.... Read more

    Affected Products : s\&d_smarthome
    • EPSS Score: %8.75
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26637

    There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.... Read more

    • EPSS Score: %0.93
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-26636

    Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.... Read more

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.76
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26635

    In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result,... Read more

    Affected Products : ark_library
    • EPSS Score: %3.60
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26634

    SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these ... Read more

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.47
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26633

    SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.... Read more

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.22
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-26631

    Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order.... Read more

    Affected Products : commerce
    • EPSS Score: %0.33
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26630

    Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable ... Read more

    Affected Products : windows groupware
    • EPSS Score: %0.37
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26629

    A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’.... Read more

    Affected Products : windows xplatform
    • EPSS Score: %1.76
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results