Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-4177

    livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information... Read more

    Affected Products : live_helper_chat
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-4176

    livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : live_helper_chat
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2021-4175

    livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : live_helper_chat
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-4173

    vim is vulnerable to Use After Free... Read more

    Affected Products : fedora vim macos mac_os_x
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-4172

    Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.... Read more

    Affected Products : showdoc
    • Published: Jan. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4171

    calibre-web is vulnerable to Business Logic Errors... Read more

    Affected Products : calibre-web calibre-web
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-4170

    calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : calibre-web calibre-web
    • Published: Jan. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-4169

    livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : live_helper_chat
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4168

    showdoc is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : showdoc
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-4166

    vim is vulnerable to Out-of-bounds Read... Read more

    • Published: Dec. 25, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4164

    calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : calibre-web calibre-web
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4162

    archivy is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : archivy
    • Published: Dec. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4161

    The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.... Read more

    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-4160

    There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely a... Read more

    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-4159

    A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak in... Read more

    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.0

    MEDIUM
    CVE-2021-4158

    A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.... Read more

    Affected Products : enterprise_linux qemu
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-4157

    An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the sy... Read more

    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-4156

    An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could t... Read more

    Affected Products : debian_linux libsndfile
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4155

    A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4154

    A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a... Read more

    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294267 Results