Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2021-42381

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function...

    Affected Products : fedora busybox
    • Published: Nov. 15, 2021
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2021-42380

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function...

    Affected Products : fedora busybox
    • Published: Nov. 15, 2021
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2021-42379

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function...

    Affected Products : fedora busybox
    • Published: Nov. 15, 2021
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2021-42378

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function...

    Affected Products : fedora busybox
    • Published: Nov. 15, 2021
    • Modified: Apr. 23, 2025
  • 5.5

    MEDIUM
    CVE-2021-42375

    An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions o...

    • Published: Nov. 15, 2021
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2021-41616

    Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was...

    Affected Products : ddlutils
    • Published: Sep. 30, 2021
    • Modified: Apr. 23, 2025
  • 4.3

    MEDIUM
    CVE-2021-37193

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as inva...

    Affected Products : sinema_remote_connect_server
    • Published: Sep. 14, 2021
    • Modified: Apr. 23, 2025
  • 4.3

    MEDIUM
    CVE-2021-37192

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage....

    Affected Products : sinema_remote_connect_server
    • Published: Sep. 14, 2021
    • Modified: Apr. 23, 2025
  • 4.3

    MEDIUM
    CVE-2021-37191

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software....

    Affected Products : sinema_remote_connect_server
    • Published: Sep. 14, 2021
    • Modified: Apr. 23, 2025
  • 4.3

    MEDIUM
    CVE-2021-37190

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user....

    Affected Products : sinema_remote_connect_server
    • Published: Sep. 14, 2021
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2021-37183

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system ...

    Affected Products : sinema_remote_connect_server
    • Published: Sep. 14, 2021
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2021-37177

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected...

    Affected Products : sinema_remote_connect_server
    • Published: Sep. 14, 2021
    • Modified: Apr. 23, 2025
  • 10.0

    HIGH
    CVE-2021-27391

    A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >=...

    • Published: Sep. 14, 2021
    • Modified: Apr. 23, 2025
  • 7.8

    HIGH
    CVE-2020-35498

    A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denia...

    Affected Products : fedora debian_linux openvswitch
    • Published: Feb. 11, 2021
    • Modified: Apr. 23, 2025
  • 7.4

    HIGH
    CVE-2020-25638

    A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allo...

    • Published: Dec. 02, 2020
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2024-36390

    MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service...

    Affected Products : ubuntu_linux devicehub
    • Published: Jun. 02, 2024
    • Modified: Apr. 23, 2025
  • 6.4

    MEDIUM
    CVE-2024-5520

    Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, aft...

    Affected Products : opencms
    • Published: May. 30, 2024
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2023-45596

    A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below ...

    Affected Products : imx6
    • Published: Mar. 05, 2024
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2023-38366

    IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files...

    Affected Products : filenet_content_manager
    • Published: Mar. 01, 2024
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2023-50324

    IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details in the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038....

    Affected Products : cognos_command_center
    • Published: Mar. 01, 2024
    • Modified: Apr. 23, 2025
Showing 20 of 293588 Results