Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-23929

    OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23928

    OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-23927

    OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.13
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-23926

    The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.... Read more

    • EPSS Score: %0.32
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23925

    An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.... Read more

    Affected Products : devolutions_server
    • EPSS Score: %0.28
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23924

    An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.... Read more

    Affected Products : devolutions_server
    • EPSS Score: %0.32
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-23923

    An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.... Read more

    Affected Products : devolutions_server
    • EPSS Score: %0.18
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-23922

    An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.... Read more

    Affected Products : remote_desktop_manager
    • EPSS Score: %0.27
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-23921

    An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.... Read more

    Affected Products : devolutions_server
    • EPSS Score: %0.28
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23910

    An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.... Read more

    • EPSS Score: %0.25
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23909

    An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.... Read more

    • EPSS Score: %2.65
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23908

    An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.... Read more

    • EPSS Score: %1.50
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23907

    An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.... Read more

    • EPSS Score: %1.50
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-23906

    An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.... Read more

    • EPSS Score: %0.18
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-23901

    An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfer... Read more

    Affected Products : snap_creator_framework nutch
    • EPSS Score: %1.07
    • Published: Jan. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23900

    OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.... Read more

    Affected Products : json-sanitizer
    • EPSS Score: %0.41
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23899

    OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.... Read more

    Affected Products : json-sanitizer
    • EPSS Score: %0.44
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.5

    MEDIUM
    CVE-2021-23896

    Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the... Read more

    Affected Products : database_security
    • EPSS Score: %0.04
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2021-23895

    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized... Read more

    Affected Products : database_security
    • EPSS Score: %1.41
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-23894

    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serializ... Read more

    Affected Products : database_security
    • EPSS Score: %4.28
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292387 Results