Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-26034

    An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.01
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26033

    An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.01
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26032

    An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.... Read more

    Affected Products : joomla\!
    • EPSS Score: %1.61
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-26031

    An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.01
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26030

    An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page... Read more

    Affected Products : joomla\!
    • EPSS Score: %46.05
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-26029

    An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.02
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26028

    An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.... Read more

    Affected Products : joomla\! joomla
    • EPSS Score: %0.01
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-26027

    An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.01
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26026

    PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.... Read more

    Affected Products : photo_studio photo_studio_2021
    • EPSS Score: %0.17
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26025

    PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.... Read more

    Affected Products : photo_studio photo_studio_2021
    • EPSS Score: %0.17
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-26024

    The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.... Read more

    Affected Products : nagios_xi favorites
    • EPSS Score: %1.10
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26023

    The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.... Read more

    Affected Products : nagios_xi favorites
    • EPSS Score: %64.79
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-25994

    In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successf... Read more

    Affected Products : userfrosting
    • EPSS Score: %1.76
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25993

    In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT toke... Read more

    Affected Products : wiki.js
    • EPSS Score: %0.21
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25992

    In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks.... Read more

    Affected Products : ifme
    • EPSS Score: %0.38
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-25991

    In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.... Read more

    Affected Products : ifme
    • EPSS Score: %0.19
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25990

    In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.... Read more

    Affected Products : ifme
    • EPSS Score: %0.21
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25989

    In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them.... Read more

    Affected Products : ifme
    • EPSS Score: %0.21
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25988

    In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.... Read more

    Affected Products : ifme
    • EPSS Score: %0.21
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.0

    MEDIUM
    CVE-2021-25987

    Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.... Read more

    Affected Products : hexo
    • EPSS Score: %0.10
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results