Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.3

    MEDIUM
    CVE-2021-3904

    grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : grav
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-3903

    vim is vulnerable to Heap-based Buffer Overflow...

    Affected Products : fedora debian_linux vim
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-3901

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...

    Affected Products : firefly_iii
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-3900

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...

    Affected Products : firefly_iii
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2021-3898

    Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker....

    Affected Products : device_help ready_for
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3897

    An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SM...

    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-3889

    libmobi is vulnerable to Use of Out-of-range Pointer Offset...

    Affected Products : libmobi
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-3888

    libmobi is vulnerable to Use of Out-of-range Pointer Offset...

    Affected Products : libmobi
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2021-3882

    LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain ...

    Affected Products : ledgersmb
    • Published: Oct. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3881

    libmobi is vulnerable to Out-of-bounds Read...

    Affected Products : libmobi
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2021-3879

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : snipe-it
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-3875

    vim is vulnerable to Heap-based Buffer Overflow...

    Affected Products : fedora vim
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-3874

    bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...

    Affected Products : bookstack
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-3872

    vim is vulnerable to Heap-based Buffer Overflow...

    Affected Products : fedora debian_linux vim
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2021-3869

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference...

    Affected Products : corenlp
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2021-3866

    Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6....

    Affected Products : zulip
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2021-3864

    A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will th...

    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-3863

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : snipe-it
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-3862

    icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : icecoder
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-3861

    The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj...

    Affected Products : zephyr
    • Published: Feb. 07, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292883 Results