Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-4057

    Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4056

    Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4055

    Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-4054

    Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4053

    Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4052

    Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-4050

    livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-4049

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-4048

    An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using ... Read more

    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-4047

    The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.... Read more

    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-4046

    The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.... Read more

    Affected Products : gim
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-4045

    TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full con... Read more

    Affected Products : tapo_c200_firmware tapo_c200
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-4044

    Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value... Read more

    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-4043

    NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.... Read more

    Affected Products : gpac debian_linux
    • Actively Exploited
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-4041

    A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets ... Read more

    Affected Products : ansible_runner
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-4040

    A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of ... Read more

    Affected Products : amq_broker activemq_artemis
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-4039

    A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.... Read more

    Affected Products : nwa1100-nh_firmware nwa1100-nh
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-4038

    Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did n... Read more

    Affected Products : network_security_manager
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-4037

    A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in ... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-4035

    A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.... Read more

    Affected Products : wocu_monitoring
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294155 Results