Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-20723

    Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary... Read more

    Affected Products : mailform01
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-20722

    Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code w... Read more

    Affected Products : scansnap_manager
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20721

    KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload arbitrary files via unspecified vectors. If the file contains PHP scripts, arbitrary code may be executed.... Read more

    Affected Products : konawiki
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20720

    SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 allows remote attackers to execute arbitrary SQL commands and to obtain/alter the information stored in the database via unspecified vectors.... Read more

    Affected Products : konawiki
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-20719

    RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 and earlier allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors.... Read more

    Affected Products : rfntps_firmware rfntps
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20718

    mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.... Read more

    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20717

    Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execu... Read more

    Affected Products : ec-cube
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-20716

    Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11... Read more

    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20715

    Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.... Read more

    Affected Products : hot_pepper_gourmet
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-20714

    Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors.... Read more

    Affected Products : wp_fastest_cache
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-20713

    Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, ... Read more

    Affected Products : qnd
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-20712

    Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall f... Read more

    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-20711

    Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.... Read more

    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20710

    Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.... Read more

    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-20709

    Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privil... Read more

    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-20708

    NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted ... Read more

    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20707

    Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for ... Read more

    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20706

    Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows ... Read more

    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20705

    Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows ... Read more

    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20704

    Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServer... Read more

    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results