Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2021-3751

libmobi is vulnerable to Out-of-bounds Write...

Affected Products : libmobi
Published: Sep. 15, 2021

Modified: Nov. 21, 2024
8.2

HIGH

CVE-2021-3750

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and tri...

Affected Products : enterprise_linux qemu
Published: May. 02, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-3749

axios is vulnerable to Inefficient Regular Expression Complexity...

Affected Products : sinec_ins goldengate axios
Published: Aug. 31, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest cou...

Affected Products : ubuntu_linux enterprise_linux fedora debian_linux qemu enterprise_linux_advanced_virtualization_eus
Published: Mar. 23, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3747

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner....

Affected Products : macos multipass
Published: Oct. 01, 2021

Modified: Nov. 21, 2024
7.1

HIGH

CVE-2021-3746

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written...

Affected Products : enterprise_linux fedora libtpms
Published: Oct. 19, 2021

Modified: Nov. 21, 2024
8.0

HIGH

CVE-2021-3745

flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type...

Affected Products : flatcore-cms
Published: Oct. 28, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3744

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808....

Affected Products : linux_kernel enterprise_linux fedora debian_linux enterprise_linux_server_eus enterprise_linux_server_tus enterprise_linux_eus virtualization_host developer_tools communications_cloud_native_core_policy +14 more products
Published: Mar. 04, 2022

Modified: Nov. 21, 2024
7.1

HIGH

CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel inform...

Affected Products : linux_kernel fedora h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware communications_cloud_native_core_policy communications_cloud_native_core_binding_support_function h300s +11 more products
Published: Mar. 04, 2022

Modified: Nov. 21, 2024
7.1

HIGH

CVE-2021-3739

A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal informati...

Affected Products : linux_kernel fedora h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s h500s +8 more products
Published: Mar. 10, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3738

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly...

Affected Products : samba
Published: Mar. 02, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this...

Affected Products : ubuntu_linux enterprise_linux fedora ontap_select_deploy_administration_utility python communications_cloud_native_core_policy enterprise_linux_for_power_little_endian codeready_linux_builder codeready_linux_builder_for_ibm_z_systems enterprise_linux_for_ibm_z_systems +7 more products
Published: Mar. 04, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3736

A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information....

Affected Products : linux_kernel
Published: Aug. 23, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3734

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...

Affected Products : yourls
Published: Aug. 26, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication reques...

Affected Products : enterprise_linux fedora enterprise_linux_server_aus enterprise_linux_server_tus ontap_select_deploy_administration_utility enterprise_linux_eus python enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus +10 more products
Published: Mar. 10, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3732

A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible....

Affected Products : linux_kernel
Published: Mar. 10, 2022

Modified: Nov. 21, 2024
5.9

MEDIUM

CVE-2021-3731

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions....

Affected Products : debian_linux ledgersmb
Published: Aug. 23, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-3730

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...

Affected Products : firefly_iii
Published: Aug. 23, 2021

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2021-3729

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...

Affected Products : firefly_iii
Published: Aug. 23, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-3728

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...

Affected Products : firefly_iii
Published: Aug. 23, 2021

Modified: Nov. 21, 2024

Showing 20 of 292883 Results

Browse by Apps

Latest CVE Feed

9.8

8.2

7.8

7.5

8.8

7.1

8.0

5.5

7.1

7.1

8.8

7.5

5.5

8.8

6.5

5.5

5.9

6.5

4.3

6.5

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable