Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2021-3888

    libmobi is vulnerable to Use of Out-of-range Pointer Offset... Read more

    Affected Products : libmobi
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-3882

    LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain ... Read more

    Affected Products : ledgersmb
    • Published: Oct. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3881

    libmobi is vulnerable to Out-of-bounds Read... Read more

    Affected Products : libmobi
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-3879

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : snipe-it
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3875

    vim is vulnerable to Heap-based Buffer Overflow... Read more

    Affected Products : fedora vim
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3874

    bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... Read more

    Affected Products : bookstack
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3872

    vim is vulnerable to Heap-based Buffer Overflow... Read more

    Affected Products : fedora debian_linux vim
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-3869

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference... Read more

    Affected Products : corenlp
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-3866

    Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.... Read more

    Affected Products : zulip
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2021-3864

    A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will th... Read more

    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3863

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : snipe-it
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3862

    icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : icecoder
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-3861

    The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj... Read more

    Affected Products : zephyr
    • Published: Feb. 07, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3860

    JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.... Read more

    Affected Products : artifactory
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3859

    A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.... Read more

    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3858

    snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : snipe-it
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-3857

    chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : chaskiq
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-3856

    ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content o... Read more

    Affected Products : keycloak single_sign-on
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3855

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management ... Read more

    Affected Products : port_mys
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3854

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15.... Read more

    Affected Products : useroam_hotspot
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292916 Results