Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-20662

    Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-20661

    Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20660

    Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20659

    SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-20658

    SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-20657

    Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20656

    Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-20655

    FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : filezen
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20654

    Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.... Read more

    Affected Products : wekan
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-20653

    Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges ... Read more

    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20652

    Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : name_directory
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-20651

    Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.... Read more

    Affected Products : file_manager
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-20650

    Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/o... Read more

    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-20649

    ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.... Read more

    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-20648

    ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.... Read more

    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-20647

    Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or ... Read more

    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-20646

    Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or ... Read more

    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20645

    Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.... Read more

    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20644

    ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.... Read more

    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20643

    Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.... Read more

    Affected Products : ld-ps\/u1_firmware ld-ps\/u1
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results