Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-45454

    Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon.... Read more

    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-45452

    Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.... Read more

    Affected Products : fedora django
    • Published: Jan. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45451

    In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.... Read more

    Affected Products : fedora mbed_tls
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45450

    In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.... Read more

    Affected Products : fedora mbed_tls
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45449

    Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0... Read more

    Affected Products : desktop docker_desktop
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-45448

    Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.  The software uses external... Read more

    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-45447

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.   The transmission of sensitive data in clear text allows unauthorized act... Read more

    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45446

    A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of a... Read more

    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45445

    Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.... Read more

    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45444

    In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.... Read more

    Affected Products : fedora debian_linux macos mac_os_x zsh
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-45442

    A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please ... Read more

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45441

    A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an... Read more

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45440

    A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Pleas... Read more

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45435

    An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.... Read more

    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45428

    TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45427

    Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.... Read more

    Affected Products : xweb300d_evo_firmware xweb300d_evo
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-45425

    Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.... Read more

    Affected Products : safari_montage
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-45421

    Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and sh... Read more

    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45420

    Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of au... Read more

    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-45419

    Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9.... Read more

    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293664 Results