Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.5

MEDIUM

CVE-2021-28650

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE:...

Affected Products : fedora gnome-autoar
Published: Mar. 17, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28646

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations....

Affected Products : apex_one officescan
Published: Apr. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28675

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load....

Affected Products : fedora pillow
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28617

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of t...

Affected Products : windows animate
Published: Aug. 24, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28601

Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the ...

Affected Products : windows after_effects
Published: Aug. 24, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28593

Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use After Free vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose potential sensitive information in the context of...

Affected Products : windows illustrator
Published: Aug. 20, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28479

Windows CSC Service Information Disclosure Vulnerability...

Affected Products : windows_10 windows_8.1 windows_rt_8.1 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_1507 +6 more products
Published: May. 11, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28438

Windows Console Driver Denial of Service Vulnerability...

Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1809 windows_10_20h2 windows_10_1803 windows_10_1909 windows_server_20h2 windows_server_1909 windows_server_2004
Published: Apr. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28443

Windows Console Driver Denial of Service Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
Published: Apr. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-28318

Windows GDI+ Information Disclosure Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
Published: Apr. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2015-2655

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vectors....

Affected Products : database_server
Published: Jul. 16, 2015

Modified: Apr. 12, 2025
5.5

MEDIUM

CVE-2021-28437

Windows Installer Information Disclosure Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
Published: Apr. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2015-1487

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename....

Affected Products : endpoint_protection_manager
Published: Aug. 01, 2015

Modified: Apr. 12, 2025
5.5

MEDIUM

CVE-2021-28309

Windows Kernel Information Disclosure Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
Published: Apr. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2015-0175

IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors....

Affected Products : websphere_application_server
Published: Apr. 27, 2015

Modified: Apr. 12, 2025
5.5

MEDIUM

CVE-2014-9814

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file....

Affected Products : imagemagick
Published: Mar. 30, 2017

Modified: Apr. 20, 2025
5.5

MEDIUM

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi....

Affected Products : h8922_firmware h8922
Published: May. 06, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-27845

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c...

Affected Products : jasper
Published: Jul. 15, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-27815

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash....

Affected Products : fedora exif
Published: Apr. 14, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2014-8181

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace....

Affected Products : enterprise_linux enterprise_mrg
Published: Nov. 06, 2019

Modified: Nov. 21, 2024

Showing 20 of 293353 Results

Browse by Apps

Latest CVE Feed

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable