Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-22860

    EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privil... Read more

    Affected Products : e-document_system
    • Published: Mar. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22859

    The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege.... Read more

    Affected Products : e-document_system
    • Published: Mar. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-22858

    Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.... Read more

    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22857

    The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.... Read more

    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22856

    The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.... Read more

    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22855

    The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.... Read more

    Affected Products : hr_portal
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22854

    The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.... Read more

    Affected Products : hr_portal
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-22853

    The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.... Read more

    Affected Products : hr_portal
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-22852

    HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.... Read more

    Affected Products : oaklouds_openid
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22851

    HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.... Read more

    Affected Products : oaklouds_openid
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22850

    HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.... Read more

    Affected Products : oaklouds_portal
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-22849

    Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.... Read more

    Affected Products : hycms-j1
    • Published: Jan. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22848

    HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.... Read more

    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-22847

    Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.... Read more

    Affected Products : hycms-j1
    • Published: Jan. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-22827

    A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more

    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-22826

    A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more

    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-22825

    A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. ... Read more

    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22824

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphica... Read more

    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-22823

    A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA ... Read more

    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-22822

    A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted mali... Read more

    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results