Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-46899

    SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application.... Read more

    Affected Products : synctrayzor
    • Published: Dec. 09, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-46898

    views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.... Read more

    Affected Products : django_grappelli
    • Published: Oct. 22, 2023
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46897

    views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.... Read more

    Affected Products : codered_extensions
    • Published: Oct. 22, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46896

    Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.... Read more

    Affected Products : px4_drone_autopilot
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-46895

    Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.... Read more

    Affected Products : emui harmonyos
    • Published: Aug. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46894

    Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46893

    Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46892

    Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46891

    Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46890

    Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-46889

    The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.... Read more

    Affected Products : photo_gallery
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46888

    An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with th... Read more

    Affected Products : hledger
    • Published: May. 21, 2023
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46837

    res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite i... Read more

    • Published: Aug. 30, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-46836

    Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46830

    A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile i... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-46829

    GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code executio... Read more

    Affected Products : fedora debian_linux gdk-pixbuf
    • Published: Jul. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-46827

    An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaS... Read more

    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-46825

    Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP req... Read more

    Affected Products : advanced_secure_gateway proxysg
    • Published: Jul. 07, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46824

    Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.... Read more

    Affected Products : school_file_management_system
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46823

    python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote aut... Read more

    Affected Products : python-ldap
    • Published: Jun. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293940 Results