Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (that is, listed in the CISA KEV catalog), and by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2021-42585 (CVSS 8.8, HIGH)
    A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file....
    Affected Products: libredwg
    Published: May. 23, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-42584 (CVSS 5.4, MEDIUM)
    A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32....
    Affected Products: convos
    Published: Dec. 17, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42583 (CVSS 7.5, HIGH)
    A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information....
    Affected Products: maddy maddy
    Published: Dec. 28, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42581 (CVSS 9.1, CRITICAL)
    Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function. NO...
    Affected Products: ramda
    Published: May. 10, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-42577 (CVSS 7.5, HIGH)
    An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference....
    Published: Mar. 11, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-42576 (CVSS 9.8, CRITICAL)
    The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements....
    Affected Products: bluemonday pybluemonday
    Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42575 (CVSS 9.8, CRITICAL)
    The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements....
    Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42574 (CVSS 8.3, HIGH)
    An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical or...
    Affected Products: fedora starwind_virtual_san unicode
    Published: Nov. 01, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42568 (CVSS 4.3, MEDIUM)
    Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account....
    Affected Products: nexus_repository_manager
    Published: Nov. 02, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42567 (CVSS 6.1, MEDIUM)
    Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints....
    Affected Products: central_authentication_service
    Published: Dec. 07, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42566 (CVSS 6.1, MEDIUM)
    myfactory.FMS before 7.1-912 allows XSS via the Error parameter....
    Affected Products: fms
    Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42565 (CVSS 6.1, MEDIUM)
    myfactory.FMS before 7.1-912 allows XSS via the UID parameter....
    Affected Products: fms
    Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42564 (CVSS 5.4, MEDIUM)
    An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refres...
    Affected Products: cryptshare_server
    Published: Nov. 30, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42563 (CVSS 7.8, HIGH)
    There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges....
    Affected Products: windows ni_service_locator
    Published: Nov. 12, 2021 | Modified: Nov. 21, 2024
  • CVE-2021-42562 (CVSS 8.1, HIGH)
    An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users....
    Affected Products: caldera
    Published: Jan. 12, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-42561 (CVSS 9.0, HIGH)
    An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in ord...
    Affected Products: caldera
    Published: Jan. 12, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-42560 (CVSS 8.8, HIGH)
    An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server ...
    Affected Products: caldera
    Published: Jan. 12, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-42559 (CVSS 8.8, HIGH)
    An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will exe...
    Affected Products: caldera
    Published: Jan. 12, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-42558 (CVSS 6.1, MEDIUM)
    An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers....
    Affected Products: caldera
    Published: Jan. 12, 2022 | Modified: Nov. 21, 2024
  • CVE-2021-42557 (CVSS 7.5, HIGH)
    In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials....
    Affected Products: jeedom
    Published: Nov. 01, 2021 | Modified: Nov. 21, 2024
Showing 20 of 293517 Results