Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-4154

    A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a... Read more

    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4150

    A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call ... Read more

    Affected Products : linux_kernel
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4149

    A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4148

    A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.... Read more

    Affected Products : linux_kernel fedora
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-4147

    A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.... Read more

    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4146

    Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.... Read more

    Affected Products : pimcore
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-4145

    A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest c... Read more

    Affected Products : enterprise_linux qemu
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4144

    TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.... Read more

    Affected Products : tl-wr802n_firmware tl-wr802n
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-4143

    Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0.... Read more

    Affected Products : bigbluebutton
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4142

    The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.... Read more

    Affected Products : candlepin
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2021-4139

    pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : pimcore
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-4138

    Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.... Read more

    Affected Products : geckodriver
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-4136

    vim is vulnerable to Heap-based Buffer Overflow... Read more

    Affected Products : fedora vim macos mac_os_x
    • Published: Dec. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4135

    A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized a... Read more

    Affected Products : linux_kernel
    • Published: Jul. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-4134

    The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~/inc/api/class-view.php file which allows attackers with administrative level permissions to inj... Read more

    Affected Products : fancy_product_designer
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4133

    A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.... Read more

    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-4132

    livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4131

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Dec. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4130

    snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : snipe-it
    • Published: Dec. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-4125

    It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images,... Read more

    Affected Products : openshift
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294071 Results