Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-4089

    snipe-it is vulnerable to Improper Access Control... Read more

    Affected Products : snipe-it
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-4088

    SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead... Read more

    Affected Products : data_loss_prevention
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-4084

    pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : pimcore
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2021-4083

    A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to cr... Read more

    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4082

    pimcore is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : pimcore
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-4081

    pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : pimcore
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4080

    crater is vulnerable to Unrestricted Upload of File with Dangerous Type... Read more

    Affected Products : crater
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4079

    Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.... Read more

    Affected Products : debian_linux chrome
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4078

    Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : debian_linux chrome
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-4076

    A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.... Read more

    Affected Products : tang
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-4075

    snipe-it is vulnerable to Server-Side Request Forgery (SSRF)... Read more

    Affected Products : snipe-it
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-4074

    The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1... Read more

    Affected Products : whmcs_bridge
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4073

    The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_... Read more

    Affected Products : registrationmagic
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2021-4072

    elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : elgg
    • Published: Dec. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-4070

    Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.... Read more

    Affected Products : v2ray-core
    • Published: Feb. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-4069

    vim is vulnerable to Use After Free... Read more

    Affected Products : fedora debian_linux vim
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-4068

    Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4067

    Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4066

    Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4065

    Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294121 Results