Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-45470

    lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts.... Read more

    Affected Products : cve-search
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45469

    In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.... Read more

    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45468

    Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.... Read more

    Affected Products : web_application_firewall
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45465

    A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vuln... Read more

    Affected Products : syngo_fastview
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45463

    load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: ... Read more

    Affected Products : enterprise_linux fedora gimp gegl
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45462

    In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.... Read more

    Affected Products : open5gs
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45461

    FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.... Read more

    Affected Products : freepbx restapps pbxact
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-45460

    A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables t... Read more

    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45459

    lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.... Read more

    Affected Products : node-windows
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45458

    Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlac... Read more

    Affected Products : kylin
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45457

    In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior ver... Read more

    Affected Products : kylin
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45456

    Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This ... Read more

    Affected Products : kylin
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45454

    Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon.... Read more

    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-45452

    Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.... Read more

    Affected Products : fedora django
    • Published: Jan. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45451

    In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.... Read more

    Affected Products : fedora mbed_tls
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45450

    In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.... Read more

    Affected Products : fedora mbed_tls
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45449

    Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0... Read more

    Affected Products : desktop docker_desktop
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-45448

    Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.  The software uses external... Read more

    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-45447

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.   The transmission of sensitive data in clear text allows unauthorized act... Read more

    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45446

    A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of a... Read more

    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293636 Results