Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-43573

    A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.... Read more

    Affected Products : rtl8195am_firmware rtl8195am
    • Published: Nov. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43572

    The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.... Read more

    Affected Products : ecdsa-python
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43571

    The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.... Read more

    Affected Products : ecdsa-node
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43570

    The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.... Read more

    Affected Products : ecdsa-java
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43569

    The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.... Read more

    Affected Products : ecdsa-dotnet
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43568

    The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.... Read more

    Affected Products : elixir_ecdsa
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2021-43566

    All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the... Read more

    Affected Products : samba
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-43565

    The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.... Read more

    Affected Products : ssh
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-43564

    An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data ... Read more

    Affected Products : job_fair
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43563

    An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the con... Read more

    Affected Products : pixx.io
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43562

    An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various... Read more

    Affected Products : pixx.io
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-43561

    An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to explo... Read more

    Affected Products : google_for_jobs
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-43560

    A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.... Read more

    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43559

    A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.... Read more

    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-43558

    A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.... Read more

    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-43557

    The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For ... Read more

    Affected Products : apisix
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-43556

    FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : winproladder
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-43555

    mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in ... Read more

    Affected Products : mydesigner
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-43554

    FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : winproladder
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43553

    PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.... Read more

    Affected Products : pi_vision
    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293589 Results