Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2021-20079

    Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.

    Affected Products : nessus
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-20078

    Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

    Affected Products : manageengine_opmanager
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-20077

    Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obta...

    Affected Products : nessus_agent
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-20076

    Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserializa...

    Affected Products : tenable.sc
    • Published: Mar. 03, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-20075

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-20074

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-20073

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 8.7

    HIGH
    CVE-2021-20072

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traversal.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-20071

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the sms.php dialogs.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-20070

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the virtualization.php dialogs.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-20069

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-20068

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-20067

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.

    Affected Products : m!dge_firmware m!dge
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2021-20066

    JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

    Affected Products : jsdom
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-20051

    SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution i...

    Affected Products : global_vpn_client
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-20050

    An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-20049

    A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-20048

    A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6...

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-20047

    SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.

    Affected Products : global_vpn_client
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-20046

    A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, ...

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024