Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-4131

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Dec. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4130

    snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : snipe-it
    • Published: Dec. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-4125

    It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images,... Read more

    Affected Products : openshift
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-4124

    janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : janus
    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-4123

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4122

    It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanentl... Read more

    Affected Products : cryptsetup
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-4121

    yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-4120

    snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict sn... Read more

    Affected Products : ubuntu_linux fedora snapd
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4119

    bookstack is vulnerable to Improper Access Control... Read more

    Affected Products : bookstack
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-4118

    pytorch-lightning is vulnerable to Deserialization of Untrusted Data... Read more

    Affected Products : pytorch_lightning pytorch_lightning
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-4117

    yetiforcecrm is vulnerable to Business Logic Errors... Read more

    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2021-4116

    yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-4115

    There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing ... Read more

    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-4112

    A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.... Read more

    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-4111

    yetiforcecrm is vulnerable to Business Logic Errors... Read more

    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-4110

    mruby is vulnerable to NULL Pointer Dereference... Read more

    Affected Products : mruby
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-4108

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : snipe-it
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-4107

    yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-4106

    A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0... Read more

    Affected Products : snow_inventory_java_scanner
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4105

    Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. ... Read more

    • Published: Feb. 24, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294717 Results