Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2021-21517

    SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit th... Read more

    Affected Products : emc_srs_policy_manager
    • EPSS Score: %0.44
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2021-21515

    Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly ... Read more

    Affected Products : emc_sourceone
    • EPSS Score: %0.26
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-21514

    Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a speci... Read more

    Affected Products : openmanage_server_administrator
    • EPSS Score: %6.08
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21513

    Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploi... Read more

    Affected Products : openmanage_server_administrator
    • EPSS Score: %0.50
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.9

    HIGH
    CVE-2021-21512

    Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification em... Read more

    • EPSS Score: %0.05
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-21511

    Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' b... Read more

    • EPSS Score: %0.15
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-21510

    Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections... Read more

    Affected Products : idrac8_firmware emc_idrac9_firmware
    • EPSS Score: %0.82
    • Published: Mar. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21507

    Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit thi... Read more

    • EPSS Score: %0.06
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-21506

    PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential p... Read more

    • EPSS Score: %0.52
    • Published: Mar. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-21505

    Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to th... Read more

    • EPSS Score: %5.75
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-21503

    PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.... Read more

    • EPSS Score: %0.12
    • Published: Mar. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21502

    Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving t... Read more

    • EPSS Score: %0.27
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-21501

    Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0.... Read more

    Affected Products : servicecomb
    • EPSS Score: %1.01
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-21495

    MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.... Read more

    Affected Products : mk-auth
    • EPSS Score: %0.21
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-21494

    MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.... Read more

    Affected Products : mk-auth
    • EPSS Score: %0.19
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21493

    When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the applic... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %0.20
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21492

    SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.... Read more

    • EPSS Score: %0.16
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-21491

    SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.... Read more

    • EPSS Score: %0.13
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-21490

    SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious use... Read more

    • EPSS Score: %0.25
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-21489

    SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges ... Read more

    Affected Products : netweaver_enterprise_portal
    • EPSS Score: %0.24
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290990 Results