Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-28434

    Remote Procedure Call Runtime Remote Code Execution Vulnerability... Read more

    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28429

    Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.... Read more

    Affected Products : ffmpeg
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28428

    File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; ... Read more

    Affected Products : horizontcms
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28427

    Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.... Read more

    Affected Products : xnview
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28424

    A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.... Read more

    Affected Products : teachers_record_management_system
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-28420

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.... Read more

    Affected Products : seo_panel
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-28419

    The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.... Read more

    Affected Products : seo_panel
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-28418

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.... Read more

    Affected Products : seo_panel
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-28417

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.... Read more

    Affected Products : seo_panel
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28411

    An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.... Read more

    Affected Products : ruoyi
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-28399

    OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.... Read more

    Affected Products : orangehrm
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-28398

    A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perf... Read more

    Affected Products : geonetwork
    • Published: Sep. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28382

    Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.... Read more

    Affected Products : manageengine_key_manager_plus
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28381

    The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.... Read more

    Affected Products : vhs
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28380

    The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account.... Read more

    Affected Products : aimeos
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-28379

    web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.... Read more

    Affected Products : vesta_control_panel myvesta
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28378

    Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.... Read more

    Affected Products : gitea
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-28377

    ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.... Read more

    Affected Products : chronoforums
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-28376

    ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.... Read more

    Affected Products : chronoforums
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28375

    An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.... Read more

    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292797 Results