Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2021-22699

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP....

Affected Products : modicon_m241_firmware modicon_m251_firmware modicon_m241 modicon_m251
Published: May. 26, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-22698

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when ...

Affected Products : ecostruxure_power_build_-_rapsody
Published: Jan. 26, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-22697

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious ...

Affected Products : ecostruxure_power_build_-_rapsody
Published: Jan. 26, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-22696

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" paramete...

Affected Products : business_intelligence communications_diameter_intelligence_hub communications_session_report_manager communications_session_route_manager communications_element_manager cxf
Published: Apr. 02, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-22685

An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1....

Affected Products : access_controller
Published: Oct. 14, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-22684

Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash...

Affected Products : tizenrt
Published: Aug. 31, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-22683

Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution....

Affected Products : fvdesigner
Published: Mar. 03, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-22682

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local ...

Affected Products : cscape
Published: Apr. 23, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 55...

Affected Products : studio_5000_logix_designer factorytalk_services_platform rslogix_5000 compactlogix_5380 compactlogix_5480 controllogix_5580 guardlogix_5580 compact_guardlogix_5370 compact_guardlogix_5380 compactlogix_1768 +10 more products
Published: Mar. 03, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-22680

NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote ...

Affected Products : mqx
Published: May. 03, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-22679

The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versio...

Affected Products : cc3100_software_development_kit cc3200_software_development_kit simplelink_cc13x0_software_development_kit simplelink_cc13x2_software_development_kit simplelink_cc26xx_software_development_kit simplelink_cc32xx_software_development_kit simplelink_msp432e4_software_development_kit
Published: May. 07, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-22678

Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process....

Affected Products : cscape
Published: Apr. 23, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-22677

An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.0...

Affected Products : cc3100_software_development_kit cc3200_software_development_kit simplelink_cc13x0_software_development_kit simplelink_cc13x2_software_development_kit simplelink_cc26xx_software_development_kit simplelink_cc32xx_software_development_kit simplelink_msp432e4_software_development_kit
Published: May. 07, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-22676

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintend...

Affected Products : webaccess\/scada
Published: Aug. 10, 2021

Modified: Nov. 21, 2024
7.2

HIGH

CVE-2021-22675

The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and pr...

Affected Products : cc3100_software_development_kit cc3200_software_development_kit simplelink_cc13x0_software_development_kit simplelink_cc13x2_software_development_kit simplelink_cc26xx_software_development_kit simplelink_cc32xx_software_development_kit simplelink_msp432e4_software_development_kit
Published: May. 07, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-22674

The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1)....

Affected Products : webaccess\/scada
Published: Aug. 10, 2021

Modified: Nov. 21, 2024
8.0

HIGH

CVE-2021-22673

The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX...

Affected Products : cc3100_software_development_kit cc3200_software_development_kit simplelink_cc13x0_software_development_kit simplelink_cc13x2_software_development_kit simplelink_cc26xx_software_development_kit simplelink_cc32xx_software_development_kit simplelink_msp432e4_software_development_kit
Published: May. 07, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-22672

Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code....

Affected Products : cncsoft_screeneditor
Published: May. 10, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-22671

Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4...

Affected Products : cc3100_software_development_kit cc3200_software_development_kit simplelink_cc13x0_software_development_kit simplelink_cc13x2_software_development_kit simplelink_cc26xx_software_development_kit simplelink_cc32xx_software_development_kit simplelink_msp432e4_software_development_kit
Published: May. 07, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-22670

An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution....

Affected Products : fvdesigner
Published: Mar. 03, 2021

Modified: Nov. 21, 2024

Showing 20 of 293302 Results

Browse by Apps

Latest CVE Feed

7.8

7.8

7.8

7.5

7.5

7.5

7.8

7.8

9.8

9.8

9.8

7.8

7.8

6.1

7.2

6.5

8.0

7.8

9.8

7.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable