Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (that is, listed in the CISA Known Exploited Vulnerabilities catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2021-41267

    Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache ...

    Affected Products : symfony
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-41266

    Minio console is a graphical user interface for the MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All user...

    Affected Products : minio_console console
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-41264

    OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `...

    Affected Products : contracts openzeppelin_contracts
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-41263

    rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these...

    Affected Products : rails_multisite
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-41262

    Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as...

    Affected Products : galette
    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-41261

    Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altere...

    Affected Products : galette
    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-41260

    Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. The...

    Affected Products : galette
    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2021-41258

    Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend to escape HTML spe...

    Affected Products : kirby
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-41256

    nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent ...

    Affected Products : news
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    CRITICAL
    CVE-2021-41254

    kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts...

    Affected Products : kustomize-controller
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-41253

    Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap b...

    Affected Products : zydis
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2021-41252

    Kirby is an open source file structured CMS. Impact: Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwis...

    Affected Products : kirby
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2021-41251

    @sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinat...

    Affected Products : cloud_sdk
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-41250

    Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by includ...

    Affected Products : bot
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-41249

    GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop value...

    Affected Products : playground
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-41248

    GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop v...

    Affected Products : graphiql
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-41247

    JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the singl...

    Affected Products : jupyterhub
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-41246

    Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the applica...

    Affected Products : express_openid_connect
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-41245

    Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the sessi...

    Affected Products : itop
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-41244

    Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from oth...

    Affected Products : grafana
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293408 Results