Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 8.0

    HIGH
    CVE-2021-23271

    The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected r...

    Affected Products : ebx
    • EPSS Score: %0.33
    • Published: Feb. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-23270

    In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 ...

    Affected Products : gargoyle
    • EPSS Score: %0.33
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-23267

    Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods....

    Affected Products : crafter_cms
    • EPSS Score: %0.46
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-23266

    An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator....

    Affected Products : craftercms crafter_cms
    • EPSS Score: %0.24
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-23265

    A logged-in and authenticated user with a Reviewer Role may lock a content item....

    Affected Products : craftercms crafter_cms
    • EPSS Score: %0.23
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-23264

    Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes....

    Affected Products : crafter_cms
    • EPSS Score: %1.09
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-23263

    Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary)....

    Affected Products : crafter_cms
    • EPSS Score: %0.94
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-23262

    Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE....

    Affected Products : crafter_cms
    • EPSS Score: %0.55
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-23261

    Authenticated administrators may override the system configuration file and cause a denial of service....

    Affected Products : crafter_cms
    • EPSS Score: %0.37
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-23260

    Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site....

    Affected Products : crafter_cms
    • EPSS Score: %0.79
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-23259

    Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands r...

    Affected Products : crafter_cms
    • EPSS Score: %0.39
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-23258

    Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE)....

    Affected Products : crafter_cms
    • EPSS Score: %0.29
    • Published: Dec. 02, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-23253

    Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the fr...

    Affected Products : opera_mini
    • EPSS Score: %0.24
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-23247

    A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine...

    Affected Products : quick_app
    • EPSS Score: %3.36
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-23246

    In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure....

    Affected Products : coloros ace2
    • EPSS Score: %0.32
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-23244

    ColorOS pregrants dangerous permissions to apps which are listed in a whitelist XML named default-grant-permissions. But some apps in the whitelist are not installed, so an attacker can disguise an app with the same package name to obtain dangerous permissions....

    Affected Products : coloros
    • EPSS Score: %0.16
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-23243

    In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used....

    • EPSS Score: %0.04
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-23242

    MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI....

    Affected Products : mercury_x18g_firmware mercury_x18g
    • EPSS Score: %0.38
    • Published: Jan. 07, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-23241

    MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI....

    Affected Products : mercury_x18g_firmware mercury_x18g
    • EPSS Score: %57.89
    • Published: Jan. 07, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-23240

    selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permis...

    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292288 Results