Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-43616

    The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to ins... Read more

    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-43615

    An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or... Read more

    Affected Products : insydeh2o
    • Published: Feb. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-43611

    Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header.... Read more

    Affected Products : belle-sip
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-43610

    Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.... Read more

    Affected Products : belle-sip
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-43609

    An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL co... Read more

    Affected Products : help_desk_server
    • Published: Nov. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43608

    Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user inp... Read more

    Affected Products : database_abstraction_layer
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.0

    MEDIUM
    CVE-2021-43590

    Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of ce... Read more

    Affected Products : enterprise_storage_analytics
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-43589

    Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading... Read more

    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-43588

    Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.... Read more

    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-43587

    Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privile... Read more

    Affected Products : powerpath_management_appliance
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-43582

    A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an objec... Read more

    Affected Products : drawings_sdk
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-43581

    An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafte... Read more

    Affected Products : prc_sdk
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-43579

    A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.... Read more

    Affected Products : debian_linux htmldoc
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-43578

    Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenki... Read more

    Affected Products : squash_tm_publisher
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-43577

    Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : owasp_dependency-check
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-43576

    Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities f... Read more

    Affected Products : pom2config
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-43575

    KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility ... Read more

    Affected Products : engineering_tool_software_6
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-43574

    WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... Read more

    Affected Products : atmail
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43573

    A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.... Read more

    Affected Products : rtl8195am_firmware rtl8195am
    • Published: Nov. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43572

    The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.... Read more

    Affected Products : ecdsa-python
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293604 Results