Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-25943

    Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : 101
    • EPSS Score: %2.95
    • Published: May. 14, 2021
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-25941

    Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : deep-override
    • EPSS Score: %2.95
    • Published: May. 14, 2021
    • Modified: Apr. 30, 2025

  • 4.8

    MEDIUM
    CVE-2021-25933

    In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerab... Read more

    Affected Products : opennms horizon meridian
    • EPSS Score: %0.34
    • Published: May. 20, 2021
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2021-25931

    In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerab... Read more

    Affected Products : opennms horizon meridian
    • EPSS Score: %0.22
    • Published: May. 20, 2021
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2021-25930

    In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerab... Read more

    Affected Products : opennms horizon meridian
    • EPSS Score: %0.15
    • Published: May. 20, 2021
    • Modified: Apr. 30, 2025

  • 4.8

    MEDIUM
    CVE-2021-25929

    In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerab... Read more

    Affected Products : opennms horizon meridian
    • EPSS Score: %0.33
    • Published: May. 20, 2021
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-25928

    Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : safe-obj
    • EPSS Score: %3.35
    • Published: Apr. 26, 2021
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-25927

    Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : safe-flat
    • EPSS Score: %3.23
    • Published: Apr. 26, 2021
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2021-37499

    CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.14
    • Published: Jan. 20, 2023
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2021-37498

    An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.13
    • Published: Jan. 20, 2023
    • Modified: Apr. 30, 2025

  • 9.0

    HIGH
    CVE-2021-44153

    An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit thi... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.82
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 8.5

    HIGH
    CVE-2018-5716

    An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST par... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.45
    • Published: Feb. 21, 2018
    • Modified: Apr. 30, 2025

  • 9.3

    HIGH
    CVE-2018-15573

    An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata para... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.26
    • Published: Aug. 20, 2018
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2018-15574

    An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.33
    • Published: Aug. 20, 2018
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2021-44151

    An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An atta... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.40
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2021-44155

    An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to en... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.95
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-28365

    Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, h... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %36.00
    • Published: Apr. 09, 2022
    • Modified: Apr. 30, 2025

  • 8.1

    HIGH
    CVE-2021-37500

    Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.16
    • Published: Jan. 20, 2023
    • Modified: Apr. 30, 2025

  • 7.2

    HIGH
    CVE-2021-44154

    An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.67
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2021-45422

    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %11.59
    • Published: Jan. 13, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291002 Results