Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-3860

    JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.... Read more

    Affected Products : artifactory
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3859

    A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.... Read more

    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3858

    snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : snipe-it
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-3857

    chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : chaskiq
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-3856

    ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content o... Read more

    Affected Products : keycloak single_sign-on
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3855

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management ... Read more

    Affected Products : port_mys
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3854

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15.... Read more

    Affected Products : useroam_hotspot
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3853

    chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : chaskiq
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3852

    growi is vulnerable to Authorization Bypass Through User-Controlled Key... Read more

    Affected Products : growi
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3851

    firefly-iii is vulnerable to URL Redirection to Untrusted Site... Read more

    Affected Products : firefly_iii
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-3850

    Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.... Read more

    Affected Products : debian_linux adodb
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3849

    An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. ... Read more

    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3848

    An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with... Read more

    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3847

    An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate... Read more

    Affected Products : linux_kernel fedora
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3846

    firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type... Read more

    Affected Products : firefly_iii
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3845

    ws-scrcpy is vulnerable to External Control of File Name or Path... Read more

    Affected Products : ws_scrcpy
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-3844

    Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential... Read more

    Affected Products : insightvm
    • Published: Mar. 24, 2023
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-3843

    A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.... Read more

    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3842

    nltk is vulnerable to Inefficient Regular Expression Complexity... Read more

    Affected Products : fedora debian_linux nltk
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3840

    A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package ind... Read more

    Affected Products : antilles
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292883 Results