Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2021-3839

    A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of thi...

    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2021-3837

    openwhyd is vulnerable to Improper Authorization...

    Affected Products : openwhyd
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3836

    dbeaver is vulnerable to Improper Restriction of XML External Entity Reference...

    Affected Products : dbeaver
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-3835

    Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf...

    Affected Products : zephyr
    • Published: Feb. 07, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-3834

    Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)....

    Affected Products : integria_ims
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3833

    Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login...

    Affected Products : integria_ims
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3832

    Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability....

    Affected Products : integria_ims
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-3831

    gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : gnuboard5 gnuboard
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-3830

    btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : btcpay_server btcpayserver
    • Published: Sep. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2021-3829

    openwhyd is vulnerable to URL Redirection to Untrusted Site...

    Affected Products : openwhyd
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-3828

    nltk is vulnerable to Inefficient Regular Expression Complexity...

    Affected Products : nltk
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2021-3827

    A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization ...

    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-3826

    Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol....

    Affected Products : fedora gcc
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-3825

    On 2.1.15 version and below of Lider module in LiderAhenk software is leaking its configurations via an unsecured API. An attacker with access to the configurations API could get valid LDAP credentials....

    Affected Products : liderahenk
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-3824

    OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL....

    Affected Products : openvpn_access_server
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3823

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender Gra...

    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-3822

    jsoneditor is vulnerable to Inefficient Regular Expression Complexity...

    Affected Products : jsoneditor
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-3820

    inflect is vulnerable to Inefficient Regular Expression Complexity...

    Affected Products : inflect
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-3819

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...

    Affected Products : firefly_iii
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2021-3818

    grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking...

    Affected Products : grav
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292883 Results