Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-39918

    Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be ac... Read more

    Affected Products : gitlab
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-40126

    A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the ... Read more

    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4425

    The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauth... Read more

    Affected Products : defender_security
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-5195

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data dis... Read more

    Affected Products : gitlab
    • Published: Jun. 12, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2021-2341

    Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Diffi... Read more

    Affected Products : fedora debian_linux jdk jre graalvm openjdk
    • Published: Jul. 21, 2021
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2021-4122

    It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanentl... Read more

    Affected Products : cryptsetup
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-0784

    Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-40496

    SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executio... Read more

    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4089

    snipe-it is vulnerable to Improper Access Control... Read more

    Affected Products : snipe-it
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42121

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unex... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-3200

    Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service... Read more

    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42332

    The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.... Read more

    Affected Products : xinhe_teaching_platform_system
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4414

    The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it pos... Read more

    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42307

    Microsoft Edge (Chromium-based) Information Disclosure Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-43005

    SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low... Read more

    Affected Products : gui_for_windows
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2021-34776

    Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause i... Read more

    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4321

    Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Jul. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4397

    The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthen... Read more

    Affected Products : staff_directory_plugin
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4420

    The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated ... Read more

    Affected Products : sell_media
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-39927

    Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configure... Read more

    Affected Products : gitlab
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293521 Results