Latest CVE Feed
- CVE-2021-41159 (CVSS 8.8, HIGH)
  FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client ...
  Published: Oct. 21, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41158 (CVSS 7.5, HIGH)
  FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attac...
  Affected products: freeswitch
  Published: Oct. 26, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41157 (CVSS 5.3, MEDIUM)
  FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in ...
  Affected products: freeswitch
  Published: Oct. 26, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41156 (CVSS 6.8, MEDIUM)
  anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses a browser_today hidden control on a few pages to collect today's date from user browsers. Because this parameter is not sanity-checked in versions pri...
  Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41155 (CVSS 8.8, HIGH)
  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositorie...
  Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41154 (CVSS 8.8, HIGH)
  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix...
  Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41153 (CVSS 9.8, CRITICAL)
  The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen ...
  Affected products: evm
  Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
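The CVE-2021-41153 summary above describes an ordering bug: the evm crate validated the jump destination before it looked at the condition, whereas Geth and OpenEthereum consult the condition first, so an untaken `JUMPI` with a bogus destination fails in one implementation and continues in the others. The Rust below is an added illustration, not code from the evm crate: a toy `JUMPI` written in both orderings over a `u64` stack (a simplification of the EVM's 256-bit words) and run against constructed bytecode. The type and function names are this example's own.

```rust
// Added example, not the evm crate's code: a toy JUMPI in both orderings.
// Simplifying assumptions: stack words are u64, not 256-bit.

#[derive(Debug, PartialEq)]
pub enum Step {
    /// Fall through to the next instruction.
    Continue,
    /// Transfer control to a validated JUMPDEST at this code offset.
    Jump(usize),
    /// Destination is not a JUMPDEST (or lies outside the code).
    InvalidJump,
    /// Fewer than two items on the stack.
    StackUnderflow,
}

const JUMPDEST: u8 = 0x5b;
const PUSH1: u8 = 0x60;
const PUSH32: u8 = 0x7f;

/// Mark every code offset that holds a real JUMPDEST opcode. Bytes that are
/// PUSH immediates are data, so a 0x5b inside them is not a valid target.
pub fn valid_jumpdests(code: &[u8]) -> Vec<bool> {
    let mut valid = vec![false; code.len()];
    let mut i = 0;
    while i < code.len() {
        let op = code[i];
        if op == JUMPDEST {
            valid[i] = true;
            i += 1;
        } else if (PUSH1..=PUSH32).contains(&op) {
            // PUSHn carries n immediate bytes; skip over them.
            i += 1 + usize::from(op - PUSH1 + 1);
        } else {
            i += 1;
        }
    }
    valid
}

fn is_valid_dest(dest: u64, valid: &[bool]) -> bool {
    // Compare in u64 so an oversized destination cannot wrap on `as usize`.
    dest < valid.len() as u64 && valid[dest as usize]
}

/// JUMPI pops its destination first (top of stack), then the condition.
fn pop_operands(stack: &mut Vec<u64>) -> Option<(u64, u64)> {
    let dest = stack.pop()?;
    let cond = stack.pop()?;
    Some((dest, cond))
}

/// The ordering the advisory attributes to evm < 0.31.0: the destination is
/// validated before the condition is consulted, so a JUMPI that is NOT taken
/// still fails when its (ignored) destination is bogus.
pub fn jumpi_dest_first(stack: &mut Vec<u64>, valid: &[bool]) -> Step {
    let (dest, cond) = match pop_operands(stack) {
        Some(ops) => ops,
        None => return Step::StackUnderflow,
    };
    if !is_valid_dest(dest, valid) {
        return Step::InvalidJump;
    }
    if cond != 0 { Step::Jump(dest as usize) } else { Step::Continue }
}

/// The Geth/OpenEthereum ordering: an untaken JUMPI never inspects its
/// destination, so the two traces agree on every untaken branch.
pub fn jumpi_cond_first(stack: &mut Vec<u64>, valid: &[bool]) -> Step {
    let (dest, cond) = match pop_operands(stack) {
        Some(ops) => ops,
        None => return Step::StackUnderflow,
    };
    if cond == 0 {
        return Step::Continue;
    }
    if !is_valid_dest(dest, valid) {
        return Step::InvalidJump;
    }
    Step::Jump(dest as usize)
}

fn main() {
    // Constructed bytecode: PUSH1 0x00, PUSH1 0xff, JUMPI, JUMPDEST, STOP.
    // The branch is not taken (cond = 0) and dest = 0xff is past the code end.
    let code = [PUSH1, 0x00, PUSH1, 0xff, 0x57, JUMPDEST, 0x00];
    let valid = valid_jumpdests(&code);
    let mut s = vec![0u64, 0xff];
    println!("dest-first: {:?}", jumpi_dest_first(&mut s, &valid));
    let mut s = vec![0u64, 0xff];
    println!("cond-first: {:?}", jumpi_cond_first(&mut s, &valid));
}
```

The two functions agree whenever the branch is taken; they diverge only on an untaken branch with an invalid destination, which is exactly the case a consensus client must get right to stay on the same chain as everyone else.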
- CVE-2021-41152 (CVSS 7.7, HIGH)
  OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in t...
  Affected products: openolat
  Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41151 (CVSS 6.8, MEDIUM)
  Backstage is an open platform for building developer portals. In affected versions a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `gi...
  Published: Oct. 18, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41150 (CVSS 8.2, HIGH)
  Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository ...
  Affected products: tough
  Published: Oct. 19, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41149 (CVSS 8.5, HIGH)
  Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an...
  Affected products: tough
  Published: Oct. 19, 2021 | Modified: Nov. 21, 2024
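The two tough entries above (CVE-2021-41150 for delegated role names, CVE-2021-41149 for target names) both concern a string that comes from repository metadata being used, without sanitization, while the repository is cached. The Rust below is an added example and not tough's own code; it assumes the name ends up as a file name under a cache directory and contrasts an unchecked join with a component-based check. The cache root, the sample names and all function names are constructed for this illustration.

```rust
// Added example, not tough's code: building a cache path from an untrusted
// TUF name. The cache root and sample names below are constructed.
use std::path::{Component, Path, PathBuf};

/// Unchecked join, the unsafe pattern: Path::join keeps ".." components and,
/// if `name` is absolute, discards `cache_dir` altogether.
pub fn naive_cache_path(cache_dir: &Path, name: &str) -> PathBuf {
    cache_dir.join(name)
}

/// A prefix test on the unnormalized result is not a defense either:
/// Path::starts_with compares components literally, so a path that still
/// contains ".." passes it and escapes once the OS resolves it.
pub fn prefix_check_passes(cache_dir: &Path, candidate: &Path) -> bool {
    candidate.starts_with(cache_dir)
}

/// Checked join: accept only names made of plain file-name components.
/// Rejects empty names, NUL bytes, backslashes (a separator on Windows that
/// Unix path parsing would treat as ordinary characters), and any component
/// that is not Component::Normal, i.e. a root, a drive prefix, a leading "."
/// or a "..".
pub fn safe_cache_path(cache_dir: &Path, name: &str) -> Option<PathBuf> {
    if name.is_empty() || name.contains('\0') || name.contains('\\') {
        return None;
    }
    let mut out = cache_dir.to_path_buf();
    for comp in Path::new(name).components() {
        match comp {
            Component::Normal(c) => out.push(c),
            _ => return None,
        }
    }
    Some(out)
}

fn main() {
    let cache = Path::new("/var/cache/tuf"); // constructed cache root
    for name in ["targets/app-1.0.tar.gz", "../../../etc/passwd", "/etc/passwd"] {
        println!(
            "{:?}: naive={:?} safe={:?}",
            name,
            naive_cache_path(cache, name),
            safe_cache_path(cache, name)
        );
    }
}
```

Rejecting the name outright is preferable to normalizing it: a TUF client that silently rewrote `../x` to `x` would cache the target under a name that no longer matches the signed metadata, which defeats the integrity check the repository exists to provide.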
- CVE-2021-41148 (CVSS 8.8, HIGH)
  Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to ...
  Published: Oct. 15, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41147 (CVSS 7.2, HIGH)
  Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in...
  Published: Oct. 15, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41146 (CVSS 8.8, HIGH)
  qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrows...
  Affected products: qutebrowser
  Published: Oct. 21, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41145 (CVSS 8.6, HIGH)
  FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service v...
  Affected products: freeswitch
  Published: Oct. 25, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41144 (CVSS 8.8, HIGH)
  OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
  Affected products: magento
  Published: Jan. 27, 2023 | Modified: Nov. 21, 2024
- CVE-2021-41143 (CVSS 7.2, HIGH)
  OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
  Affected products: magento
  Published: Jan. 27, 2023 | Modified: Nov. 21, 2024
- CVE-2021-41142 (CVSS 5.4, MEDIUM)
  Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A mal...
  Published: Oct. 14, 2021 | Modified: Nov. 21, 2024
- CVE-2021-41141 (CVSS 7.8, HIGH)
  PJSIP is a free and open source multimedia communication library written in the C language implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error or failure occurs, it is found that the functio...
  Published: Jan. 04, 2022 | Modified: Nov. 21, 2024
- CVE-2021-41140 (CVSS 5.3, MEDIUM)
  Discourse-reactions is a plugin for the Discourse platform that allows users to add their reactions to a post. In affected versions, reactions given by users to secure topics and private messages are visible. This issue is patched in version 0.2 of discour...
  Affected products: discourse_reactions
  Published: Oct. 19, 2021 | Modified: Nov. 21, 2024