Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2021-22128

    An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection f... Read more

    Affected Products : fortiproxy
    • EPSS Score: %0.38
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-22127

    An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user int... Read more

    Affected Products : forticlient
    • EPSS Score: %0.31
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-22125

    An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.... Read more

    Affected Products : fortisandbox
    • EPSS Score: %0.31
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-22124

    An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bri... Read more

    Affected Products : fortisandbox fortiauthenticator
    • EPSS Score: %1.14
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-22123

    An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.... Read more

    Affected Products : fortiweb
    • EPSS Score: %85.70
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-22122

    An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malic... Read more

    Affected Products : fortiweb
    • EPSS Score: %61.54
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22119

    Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux... Read more

    • EPSS Score: %5.59
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-22118

    In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modif... Read more

    • EPSS Score: %0.26
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22116

    RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target R... Read more

    Affected Products : debian_linux rabbitmq
    • EPSS Score: %0.80
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22115

    Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud C... Read more

    Affected Products : capi-release cf-deployment
    • EPSS Score: %0.22
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-22114

    Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, ... Read more

    Affected Products : spring_integration_zip
    • EPSS Score: %0.39
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-22113

    Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use... Read more

    Affected Products : spring_cloud_netflix_zuul
    • EPSS Score: %0.16
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-22112

    Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug... Read more

    • EPSS Score: %0.98
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22101

    Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by ge... Read more

    Affected Products : capi-release cf-deployment
    • EPSS Score: %0.98
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-22100

    In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to... Read more

    Affected Products : capi-release cf-deployment
    • EPSS Score: %0.52
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-22098

    UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of U... Read more

    • EPSS Score: %0.27
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-22097

    In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java... Read more

    • EPSS Score: %0.59
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-22096

    In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.... Read more

    • EPSS Score: %0.22
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22095

    In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message... Read more

    • EPSS Score: %0.59
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-22060

    In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against... Read more

    • EPSS Score: %0.18
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results