Latest CVE Feed
-
7.1
HIGH CVE-2021-43890
We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known a...
Affected Products : windows_10 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_11_21h2 windows_10_1507 windows_10_1709 windows_10_1803 windows_10_21h1 windows_10_1909 +3 more products
- Actively Exploited
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-43889
Microsoft Defender for IoT Remote Code Execution Vulnerability...
Affected Products : defender_for_iot
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-43888
Microsoft Defender for IoT Information Disclosure Vulnerability...
Affected Products : defender_for_iot
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-43883
Windows Installer Elevation of Privilege Vulnerability...
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43882
Microsoft Defender for IoT Remote Code Execution Vulnerability...
Affected Products : defender_for_iot
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH
- Published: Dec. 29, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-43863
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFil...
Affected Products : nextcloud
- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-43862
jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attack...
Affected Products : jquery.terminal
- Published: Dec. 30, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-43861
Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code at diagram readers' machines...
Affected Products : mermaid
- Published: Dec. 30, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGH CVE-2021-43860
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the ...
- Published: Jan. 12, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-43858
MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version ...
Affected Products : minio
- Published: Dec. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43857
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8....
Affected Products : gerapy
- Published: Dec. 27, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGH CVE-2021-43856
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execut...
Affected Products : wiki.js
- Published: Dec. 27, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGH CVE-2021-43855
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through an SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage ...
Affected Products : wiki.js
- Published: Dec. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-43854
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) a...
Affected Products : nltk
- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
8.7
HIGH CVE-2021-43853
Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected...
- Published: Dec. 22, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-43852
OroPlatform is a PHP Business Application Platform. In affected versions, by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to ...
Affected Products : oroplatform
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024