Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-20795

    Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.... Read more

    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-20793

    Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspeci... Read more

    Affected Products : audio_usb_driver hap_music_transfer
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20792

    Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.... Read more

    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2021-20791

    Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via... Read more

    Affected Products : revoworks_browser
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-20790

    Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.... Read more

    Affected Products : revoworks_browser
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20789

    Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.... Read more

    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20788

    Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the ver... Read more

    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-20787

    Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ... Read more

    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20786

    Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the vers... Read more

    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-20785

    Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ... Read more

    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20783

    Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.... Read more

    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20782

    Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : software_license_manager
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20781

    Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20780

    Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : wordpress_currency_switcher
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20779

    Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : wordpress_email_template_designer
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20778

    Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors.... Read more

    Affected Products : ec-cube
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20777

    Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.... Read more

    Affected Products : gu
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20776

    Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.... Read more

    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20775

    Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.... Read more

    Affected Products : garoon
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20774

    Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293609 Results