Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2021-23281

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a speci... Read more

    Affected Products : intelligent_power_manager
    • EPSS Score: %0.58
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-23280

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious... Read more

    • EPSS Score: %0.12
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-23279

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacke... Read more

    • EPSS Score: %0.91
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-23278

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action r... Read more

    • EPSS Score: %0.10
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-23277

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/l... Read more

    • EPSS Score: %0.43
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-23276

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add u... Read more

    • EPSS Score: %0.10
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-23275

    The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Market... Read more

    • EPSS Score: %0.03
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23274

    The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a... Read more

    • EPSS Score: %0.24
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-23273

    The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged att... Read more

    • EPSS Score: %0.25
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-23272

    The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to e... Read more

    • EPSS Score: %0.21
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-23271

    The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected r... Read more

    Affected Products : ebx
    • EPSS Score: %0.33
    • Published: Feb. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23270

    In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 ... Read more

    Affected Products : gargoyle
    • EPSS Score: %0.33
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-23267

    Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.... Read more

    Affected Products : crafter_cms
    • EPSS Score: %0.46
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-23266

    An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.... Read more

    Affected Products : craftercms crafter_cms
    • EPSS Score: %0.24
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-23265

    A logged-in and authenticated user with a Reviewer Role may lock a content item.... Read more

    Affected Products : craftercms crafter_cms
    • EPSS Score: %0.38
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-23264

    Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.... Read more

    Affected Products : crafter_cms
    • EPSS Score: %1.09
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23263

    Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).... Read more

    Affected Products : crafter_cms
    • EPSS Score: %1.11
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-23262

    Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.... Read more

    Affected Products : crafter_cms
    • EPSS Score: %0.55
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-23261

    Authenticated administrators may override the system configuration file and cause a denial of service.... Read more

    Affected Products : crafter_cms
    • EPSS Score: %0.37
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-23260

    Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.... Read more

    Affected Products : crafter_cms
    • EPSS Score: %0.79
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290943 Results