Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-20672

    Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.... Read more

    Affected Products : growi
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-20671

    Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution.... Read more

    Affected Products : growi
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20670

    Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors.... Read more

    Affected Products : growi
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-20669

    Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.... Read more

    Affected Products : growi
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20668

    Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.... Read more

    Affected Products : growi
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20667

    Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.... Read more

    Affected Products : growi
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20665

    Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, a... Read more

    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20664

    Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 ... Read more

    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20663

    Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type ... Read more

    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20662

    Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-20661

    Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-20660

    Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20659

    SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-20658

    SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-20657

    Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20656

    Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-20655

    FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : filezen
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20654

    Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.... Read more

    Affected Products : wekan
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-20653

    Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges ... Read more

    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20652

    Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : name_directory
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293649 Results