Latest CVE Feed
- CVE-2021-46906 (5.5 MEDIUM)
  In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl. In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the sy...
  - Affected Products: linux_kernel
  - Published: Feb. 26, 2024
  - Modified: Nov. 21, 2024
- CVE-2021-46905 (5.5 MEDIUM)
  In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression. Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbo...
  - Affected Products: linux_kernel
  - Published: Feb. 26, 2024
  - Modified: Nov. 21, 2024
- CVE-2021-46904 (5.5 MEDIUM)
  In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration. Multiple ttys try to claim the same minor number causing a double unregistration of the same device. The first unregist...
  - Affected Products: linux_kernel
  - Published: Feb. 26, 2024
  - Modified: Nov. 21, 2024
- CVE-2021-46901 (7.5 HIGH)
  examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network.
  - Affected Products: cetic-6lbr
  - Published: Dec. 31, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46899 (7.8 HIGH)
  SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application.
  - Affected Products: synctrayzor
  - Published: Dec. 09, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46898 (6.1 MEDIUM)
  views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.
  - Affected Products: django_grappelli
  - Published: Oct. 22, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46897 (6.5 MEDIUM)
  views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.
  - Affected Products: codered_extensions
  - Published: Oct. 22, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46896 (7.5 HIGH)
  Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.
  - Affected Products: px4_drone_autopilot
  - Published: Jul. 06, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46895 (9.1 CRITICAL)
  Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.
  - Published: Aug. 13, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46894 (9.8 CRITICAL)
  Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation.
  - Published: Jul. 06, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46893 (7.5 HIGH)
  Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.
  - Published: Jul. 05, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46892 (7.5 HIGH)
  Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.
  - Published: Jul. 06, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46891 (9.8 CRITICAL)
  Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
  - Published: Jul. 05, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46890 (9.8 CRITICAL)
  Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
  - Published: Jul. 05, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46889 (6.1 MEDIUM)
  The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
  - Affected Products: photo_gallery
  - Published: Jun. 07, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46888 (5.4 MEDIUM)
  An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with th...
  - Affected Products: hledger
  - Published: May. 21, 2023
  - Modified: Nov. 21, 2024
- CVE-2021-46837 (6.5 MEDIUM)
  res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite i...
  - Published: Aug. 30, 2022
  - Modified: Nov. 21, 2024
- CVE-2021-46836 (7.5 HIGH)
  Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
  - Published: Sep. 16, 2022
  - Modified: Nov. 21, 2024
- CVE-2021-46830 (6.5 MEDIUM)
  A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile i...
  - Affected Products: goanywhere_managed_file_transfer
  - Published: Jul. 27, 2022
  - Modified: Nov. 21, 2024
- CVE-2021-46829 (7.8 HIGH)
  GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code executio...
  - Published: Jul. 24, 2022
  - Modified: Nov. 21, 2024