Latest CVE Feed
- CVE-2021-43830 (8.8 HIGH)
  OpenProject is web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another bu...
  Affected Products: openproject
  Published: Dec. 14, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43829 (8.8 HIGH)
  PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7, PatrowlManager handles uploaded files in the findings import feature without restriction. This vulnerability makes it possible to upload dangerous types of file ...
  Affected Products: patrowlmanager
  Published: Dec. 14, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43828 (7.5 HIGH)
  PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77, an improper privilege management issue (IDOR) has been found in PatrowlManager. All imported findings files are placed under /media/imports/<owner_id>/<tmp_...
  Affected Products: patrowlmanager
  Published: Dec. 14, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43827 (4.3 MEDIUM)
  discourse-footnote is a library providing footnotes for posts in Discourse. Impact: When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`), the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogir...
  Affected Products: discourse_footnote
  Published: Dec. 14, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43826 (7.5 HIGH)
  Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for upstream tunneling (envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunnelin...
  Affected Products: envoy
  Published: Feb. 22, 2022 | Modified: Nov. 21, 2024
- CVE-2021-43825 (7.5 HIGH)
  Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts...
  Affected Products: envoy
  Published: Feb. 22, 2022 | Modified: Nov. 21, 2024
- CVE-2021-43824 (7.5 HIGH)
  Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to the JWT filter configured with regex match. This provides a denial of service attack...
  Affected Products: envoy
  Published: Feb. 22, 2022 | Modified: Nov. 21, 2024
- CVE-2021-43823 (6.5 MEDIUM)
  Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved S...
  Affected Products: sourcegraph
  Published: Dec. 13, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43822 (8.5 HIGH)
  Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to...
  Affected Products: jackalope_doctrine-dbal
  Published: Dec. 13, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43821 (9.9 CRITICAL)
  Opencast is an open source lecture capture and video management system for education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and ...
  Affected Products: opencast
  Published: Dec. 14, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43820 (7.4 HIGH)
  Seafile is an open source cloud storage system. A sync token is used in the Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from a sync client or Sea...
  Affected Products: seafile_server
  Published: Dec. 14, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43818 (8.2 HIGH)
  lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that emplo...
  Affected Products: fedora, zfs_storage_appliance_kit, debian_linux, solidfire, communications_cloud_native_core_policy, hci_storage_node, hci_storage_node_firmware, http_server, communications_cloud_native_core_binding_support_function, communications_cloud_native_core_network_exposure_function, +2 more products
  Published: Dec. 13, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43817 (8.2 HIGH)
  Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabor...
  Published: Dec. 13, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43816 (9.1 CRITICAL)
  containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the...
  Published: Jan. 05, 2022 | Modified: Nov. 21, 2024
- CVE-2021-43815 (4.3 MEDIUM)
  Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data sour...
  Affected Products: grafana
  Published: Dec. 10, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43814 (7.8 HIGH)
  Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 EL...
  Affected Products: rizin
  Published: Dec. 13, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43813 (4.3 MEDIUM)
  Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only ...
  Affected Products: grafana
  Published: Dec. 10, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43812 (6.4 MEDIUM)
  The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login URL, which exposes the application to an open redirect vulnerability. ...
  Affected Products: nextjs-auth0
  Published: Dec. 16, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43811 (7.8 HIGH)
  Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitra...
  Affected Products: sockeye
  Published: Dec. 08, 2021 | Modified: Nov. 21, 2024
- CVE-2021-43810 (8.8 HIGH)
  Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properl...
  Affected Products: admidio
  Published: Dec. 07, 2021 | Modified: Nov. 21, 2024