Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2021-23176

    Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets....

    Affected Products : odoo
    • EPSS Score: 0.37%
    • Published: Apr. 25, 2023
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-23175

    NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, informat...

    Affected Products : geforce_experience windows
    • EPSS Score: 0.04%
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-23174

    Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]....

    Affected Products : download_monitor
    • EPSS Score: 0.42%
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-23173

    The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data....

    Affected Products : engage
    • EPSS Score: 0.12%
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-23169

    A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR....

    Affected Products : fedora openexr
    • EPSS Score: 0.18%
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-23167

    Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versio...

    Affected Products : command_centre
    • EPSS Score: 0.10%
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-23163

    JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactor...

    Affected Products : artifactory
    • EPSS Score: 0.13%
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-23162

    Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.04...

    Affected Products : command_centre_mobile_connect
    • EPSS Score: 0.19%
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-23158

    A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(), in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service....

    Affected Products : htmldoc
    • EPSS Score: 0.44%
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-23157

    WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code....

    Affected Products : levistudiou
    • EPSS Score: 0.57%
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    CRITICAL
    CVE-2021-23155

    Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065...

    Affected Products : command_centre_mobile_client
    • EPSS Score: 0.13%
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-23154

    In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system....

    Affected Products : lens
    • EPSS Score: 0.15%
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-23150

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions....

    Affected Products : accelerated_mobile_pages
    • EPSS Score: 0.32%
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-23147

    Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user wit...

    Affected Products : r6700_firmware r6700
    • EPSS Score: 0.04%
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-23146

    An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (M...

    Affected Products : command_centre
    • EPSS Score: 0.17%
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-23140

    Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 version...

    Affected Products : command_centre
    • EPSS Score: 0.23%
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-23139

    A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations....

    • EPSS Score: 0.74%
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-23138

    WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code....

    Affected Products : levistudiou
    • EPSS Score: 0.64%
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-23136

    Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions p...

    Affected Products : command_centre
    • EPSS Score: 0.12%
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2021-23135

    Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7...

    • EPSS Score: 0.06%
    • Published: May. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results