Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-3817

    wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

    Affected Products : wbce_cms
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-3816

    Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php....

    Affected Products : cacti
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3815

    utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...

    Affected Products : utils.js
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-3814

    It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure....

    Affected Products : 3scale
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-3813

    Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2....

    Affected Products : chatwoot
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 6.7

    MEDIUM
    CVE-2021-3812

    adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : web_interface
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 6.7

    MEDIUM
    CVE-2021-3811

    adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : web_interface
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-3810

    code-server is vulnerable to Inefficient Regular Expression Complexity...

    Affected Products : code-server
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-3807

    ansi-regex is vulnerable to Inefficient Regular Expression Complexity...

    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-3806

    A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system....

    Affected Products : pardus_software_center parduslinux
    • Published: Sep. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-3805

    object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...

    Affected Products : debian_linux object-path
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-3804

    taro is vulnerable to Inefficient Regular Expression Complexity...

    Affected Products : taro
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-3803

    nth-check is vulnerable to Inefficient Regular Expression Complexity...

    Affected Products : debian_linux nth-check
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2021-3802

    A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability....

    Affected Products : enterprise_linux fedora udisks
    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-3801

    prism is vulnerable to Inefficient Regular Expression Complexity...

    Affected Products : prism
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-3800

    A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition....

    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-3799

    grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...

    Affected Products : grav-plugin-admin
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-3798

    A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key...

    Affected Products : opencryptoki
    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3797

    hestiacp is vulnerable to Use of Wrong Operator in String Comparison...

    Affected Products : control_panel
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-3796

    vim is vulnerable to Use After Free...

    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292883 Results