Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2021-22539

    An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on ... Read more

    Affected Products : bazel
    • EPSS Score: %0.08
    • Published: Apr. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-22538

    A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create... Read more

    • EPSS Score: %0.24
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-22535

    Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.... Read more

    • EPSS Score: %0.23
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-22531

    A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0... Read more

    Affected Products : access_manager
    • EPSS Score: %0.23
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-22528

    Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4... Read more

    Affected Products : access_manager netiq_access_manager
    • EPSS Score: %0.36
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22527

    Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4... Read more

    Affected Products : access_manager netiq_access_manager
    • EPSS Score: %0.32
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-22526

    Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4... Read more

    Affected Products : access_manager netiq_access_manager
    • EPSS Score: %0.14
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-22525

    This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1... Read more

    Affected Products : access_manager
    • EPSS Score: %0.05
    • Published: Sep. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-22524

    Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4... Read more

    Affected Products : access_manager netiq_access_manager
    • EPSS Score: %0.20
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2021-22523

    XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions.... Read more

    Affected Products : verastream_host_integrator
    • EPSS Score: %0.34
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-22522

    Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data.... Read more

    Affected Products : verastream_host_integrator
    • EPSS Score: %0.24
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-22521

    A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.... Read more

    • EPSS Score: %0.04
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22519

    Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93). The vul... Read more

    Affected Products : sitescope
    • EPSS Score: %1.78
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-22517

    A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially mis... Read more

    Affected Products : data_protector
    • EPSS Score: %0.50
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22516

    Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.... Read more

    Affected Products : secure_api_manager
    • EPSS Score: %0.32
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22515

    Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.... Read more

    Affected Products : netiq_advanced_authentication
    • EPSS Score: %0.19
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22514

    An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.... Read more

    • EPSS Score: %1.78
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22513

    Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.... Read more

    Affected Products : application_automation_tools
    • EPSS Score: %0.14
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22512

    Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.... Read more

    Affected Products : application_automation_tools
    • EPSS Score: %0.12
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22511

    Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates.... Read more

    Affected Products : application_automation_tools
    • EPSS Score: %0.09
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results