Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-23937

    A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered ... Read more

    Affected Products : wicket
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23936

    OX App Suite through 7.10.4 allows XSS via the subject of a task.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23935

    OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23934

    OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23933

    OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23932

    OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23931

    OX App Suite through 7.10.4 allows XSS via an inline binary file.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23930

    OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23929

    OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23928

    OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-23927

    OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-23926

    The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.... Read more

    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23925

    An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.... Read more

    Affected Products : devolutions_server
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23924

    An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.... Read more

    Affected Products : devolutions_server
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-23923

    An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.... Read more

    Affected Products : devolutions_server
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-23922

    An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.... Read more

    Affected Products : remote_desktop_manager
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-23921

    An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.... Read more

    Affected Products : devolutions_server
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23910

    An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.... Read more

    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23909

    An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.... Read more

    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23908

    An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.... Read more

    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results