Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-21821

    A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : imagegear
    • EPSS Score: %1.18
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-21820

    A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.... Read more

    Affected Products : dir-3040_firmware dir-3040
    • EPSS Score: %2.00
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-21819

    A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnera... Read more

    Affected Products : dir-3040_firmware dir-3040
    • EPSS Score: %1.25
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-21818

    A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerabi... Read more

    Affected Products : dir-3040_firmware dir-3040
    • EPSS Score: %0.64
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-21817

    An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests t... Read more

    Affected Products : dir-3040_firmware dir-3040
    • EPSS Score: %2.35
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-21816

    An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerabil... Read more

    Affected Products : dir-3040_firmware dir-3040
    • EPSS Score: %79.55
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-21815

    A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command l... Read more

    Affected Products : xmill
    • EPSS Score: %0.06
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-21814

    Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are don... Read more

    Affected Products : xmill
    • EPSS Score: %0.14
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-21813

    Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length ... Read more

    Affected Products : xmill
    • EPSS Score: %0.06
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-21812

    A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command l... Read more

    Affected Products : xmill
    • EPSS Score: %0.06
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21811

    A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : xmill
    • EPSS Score: %0.59
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21810

    A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : xmill
    • EPSS Score: %0.59
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-21809

    A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.... Read more

    Affected Products : moodle
    • EPSS Score: %68.50
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-21808

    A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability... Read more

    Affected Products : imagegear
    • EPSS Score: %0.42
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21807

    An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vu... Read more

    Affected Products : imagegear
    • EPSS Score: %0.46
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-21806

    An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigg... Read more

    Affected Products : webkitgtk
    • EPSS Score: %1.60
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-21805

    An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trig... Read more

    Affected Products : r-seenet
    • EPSS Score: %92.43
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21804

    A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request t... Read more

    Affected Products : r-seenet
    • EPSS Score: %27.81
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21803

    This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.... Read more

    Affected Products : r-seenet
    • EPSS Score: %73.89
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21802

    This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.... Read more

    Affected Products : r-seenet
    • EPSS Score: %75.25
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291360 Results