Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-4234

    OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.... Read more

    Affected Products : openvpn_access_server
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-4232

    A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is poss... Read more

    Affected Products : zoo_management_system
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-4231

    A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require... Read more

    Affected Products : angular
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-4230

    A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensitive data without proper authentication. It is recommende... Read more

    Affected Products : airfield_online
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4229

    A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is reco... Read more

    Affected Products : ua-parser-js
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-4228

    Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.... Read more

    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4225

    The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by che... Read more

    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-4222

    The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed... Read more

    Affected Products : wp-paginate
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4219

    A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.... Read more

    Affected Products : imagemagick
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4218

    A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is s... Read more

    Affected Products : linux_kernel
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-4217

    A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.... Read more

    Affected Products : enterprise_linux fedora unzip
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4216

    A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.... Read more

    Affected Products : mupdf
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4214

    A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.... Read more

    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-4213

    A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a de... Read more

    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-4212

    A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.... Read more

    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-4211

    A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.... Read more

    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-4210

    A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.... Read more

    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-4209

    A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.... Read more

    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-4208

    The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users... Read more

    Affected Products : exportfeed
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-4204

    An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.... Read more

    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294534 Results