Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-25830

    A file extension handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper str...

    Affected Products : document_server
    • EPSS Score: 5.32%
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25829

    An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server....

    Affected Products : document_server
    • EPSS Score: 2.18%
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-25828

    Emby Server versions < 4.6.0.50 are vulnerable to Cross Site Scripting (XSS) via a crafted GET request to /web....

    Affected Products : emby
    • EPSS Score: 0.19%
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-25827

    Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address....

    Affected Products : emby
    • EPSS Score: 0.30%
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-25812

    Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client....

    • EPSS Score: 4.06%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25811

    MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the list...

    Affected Products : mercury_x18g_firmware mercury_x18g
    • EPSS Score: 0.51%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-25810

    Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters....

    Affected Products : mercury_x18g_firmware mercury_x18g
    • EPSS Score: 0.61%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-25809

    UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php....

    Affected Products : ucms
    • EPSS Score: 0.21%
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25808

    A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file....

    Affected Products : bludit
    • EPSS Score: 0.50%
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-25804

    A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DoS) in the application....

    Affected Products : vlc_media_player
    • EPSS Score: 1.00%
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-25803

    A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file....

    Affected Products : vlc_media_player
    • EPSS Score: 0.28%
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-25802

    A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file....

    Affected Products : vlc_media_player
    • EPSS Score: 0.28%
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-25801

    A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file....

    Affected Products : vlc_media_player
    • EPSS Score: 2.43%
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-25791

    Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, an...

    • EPSS Score: 0.14%
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-25790

    Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone N...

    • EPSS Score: 0.16%
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-25786

    An issue discovered in QPDF version 10.0.4 allows remote attackers to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf....

    Affected Products : qpdf
    • EPSS Score: 0.30%
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-25785

    Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column....

    Affected Products : taocms
    • EPSS Score: 0.24%
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-25784

    Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article....

    Affected Products : taocms
    • EPSS Score: 0.27%
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-25783

    Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search....

    Affected Products : taocms
    • EPSS Score: 0.27%
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-25780

    An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and o...

    Affected Products : baby_care_system
    • EPSS Score: 4.04%
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results