Latest CVE Feed
- 7.2 HIGH CVE-2021-40831
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. T...
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supp...
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-40829
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake...
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-40828
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshak...
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-40827
Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted M...
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-40826
Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream ...
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
- 8.6 HIGH CVE-2021-40825
nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an enc...
- Published: Sep. 17, 2021
- Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2021-40824
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via craf...
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were...
- Affected Products: javascript_sdk
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-40822
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
- Affected Products: geoserver
- Published: May. 02, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-40818
scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.
- Affected Products: glewlwyd_sso_server
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-40814
The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.
- Affected Products: customer_photo_gallery
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2021-40813
A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.
- Affected Products: http_commander
- Published: Jan. 13, 2022
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-40812
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
- Affected Products: libgd
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows.
- Affected Products: jamf
- Published: Dec. 01, 2021
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-40797
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing...
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-40796
Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context...
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-40795
Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execut...
- Published: Sep. 07, 2023
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-40794
Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is requir...
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-40793
Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is requir...
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024