Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2021-42721

    Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user ... Read more

    Affected Products : media_encoder windows bridge
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42720

    Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute ... Read more

    Affected Products : bridge
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42719

    Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to exe... Read more

    Affected Products : bridge
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-42716

    An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially ... Read more

    Affected Products : fedora stb_image.h
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-42715

    An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_imag... Read more

    Affected Products : fedora debian_linux stb_image.h
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42714

    Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.... Read more

    Affected Products : windows splashtop
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42713

    Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions.... Read more

    Affected Products : windows splashtop
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42712

    Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.... Read more

    Affected Products : streamer
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42711

    Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.... Read more

    Affected Products : network_access_client
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42707

    PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : plc_editor
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42706

    This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer... Read more

    Affected Products : webaccess_hmi_designer
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42705

    PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : plc_editor
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42704

    Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.... Read more

    Affected Products : inkscape
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-42703

    This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.... Read more

    Affected Products : webaccess_hmi_designer
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42702

    Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.... Read more

    Affected Products : inkscape
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-42701

    An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.... Read more

    Affected Products : daqfactory
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-42700

    Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.... Read more

    Affected Products : inkscape
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-42699

    The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.... Read more

    Affected Products : daqfactory
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-42698

    Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.... Read more

    Affected Products : daqfactory
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-42697

    Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.... Read more

    Affected Products : http_server
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293544 Results