Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-26233

    FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Servi... Read more

    Affected Products : image_viewer
    • EPSS Score: %0.32
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26232

    SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php.... Read more

    Affected Products : simple_college_website
    • EPSS Score: %0.49
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26231

    SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php.... Read more

    Affected Products : fantastic_blog_cms
    • EPSS Score: %0.62
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26230

    Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.22
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26229

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.51
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26228

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.62
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26227

    Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.22
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26226

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.51
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26224

    Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php.... Read more

    Affected Products : fantastic_blog_cms fantastic_blog
    • EPSS Score: %0.22
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26223

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.51
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-26222

    The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.... Read more

    Affected Products : ezxml
    • EPSS Score: %0.44
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-26221

    The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.... Read more

    Affected Products : ezxml
    • EPSS Score: %0.44
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-26220

    The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.... Read more

    Affected Products : ezxml
    • EPSS Score: %0.44
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-26216

    SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.... Read more

    Affected Products : seeddms
    • EPSS Score: %0.16
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-26215

    SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.... Read more

    Affected Products : seeddms
    • EPSS Score: %0.16
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26201

    The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.15
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26200

    The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user.... Read more

    Affected Products : library_system
    • EPSS Score: %0.16
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26199

    An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file.... Read more

    Affected Products : jerryscript
    • EPSS Score: %0.26
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26198

    An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file.... Read more

    Affected Products : jerryscript
    • EPSS Score: %0.26
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26197

    An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file.... Read more

    Affected Products : jerryscript
    • EPSS Score: %0.26
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291641 Results