Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-25928

    Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : safe-obj
    • EPSS Score: %3.35
    • Published: Apr. 26, 2021
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-25927

    Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : safe-flat
    • EPSS Score: %3.23
    • Published: Apr. 26, 2021
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2021-37499

    CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.14
    • Published: Jan. 20, 2023
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2021-37498

    An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.13
    • Published: Jan. 20, 2023
    • Modified: Apr. 30, 2025

  • 9.0

    HIGH
    CVE-2021-44153

    An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit thi... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.82
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 8.5

    HIGH
    CVE-2018-5716

    An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST par... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.45
    • Published: Feb. 21, 2018
    • Modified: Apr. 30, 2025

  • 9.3

    HIGH
    CVE-2018-15573

    An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata para... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.26
    • Published: Aug. 20, 2018
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2018-15574

    An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.33
    • Published: Aug. 20, 2018
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2021-44151

    An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An atta... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.40
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2021-44155

    An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to en... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.95
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-28365

    Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, h... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %36.00
    • Published: Apr. 09, 2022
    • Modified: Apr. 30, 2025

  • 8.1

    HIGH
    CVE-2021-37500

    Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.16
    • Published: Jan. 20, 2023
    • Modified: Apr. 30, 2025

  • 7.2

    HIGH
    CVE-2021-44154

    An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.67
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2021-45422

    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %11.59
    • Published: Jan. 13, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-28364

    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.37
    • Published: Apr. 09, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-28363

    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %17.39
    • Published: Apr. 09, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-30519

    XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.36
    • Published: Dec. 29, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2023-44031

    Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.... Read more

    • EPSS Score: %0.06
    • Published: Feb. 03, 2024
    • Modified: Apr. 30, 2025

  • 5.9

    MEDIUM
    CVE-2024-50602

    An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.... Read more

    Affected Products : python libexpat
    • Published: Oct. 27, 2024
    • Modified: Apr. 30, 2025

  • 5.9

    MEDIUM
    CVE-2023-4813

    A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswit... Read more

    • EPSS Score: %0.31
    • Published: Sep. 12, 2023
    • Modified: Apr. 30, 2025
Showing 20 of 291216 Results