Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-3184

    MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.... Read more

    Affected Products : misp misp
    • EPSS Score: %0.24
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3183

    Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.... Read more

    Affected Products : fat_client
    • EPSS Score: %0.28
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-3182

    D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... Read more

    Affected Products : dcs-5220_firmware dcs-5220
    • EPSS Score: %0.16
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3181

    rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message... Read more

    Affected Products : fedora debian_linux mutt
    • EPSS Score: %1.86
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3179

    GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass.... Read more

    Affected Products : gglocker
    • EPSS Score: %0.07
    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3178

    fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory ex... Read more

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.39
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3177

    Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_dou... Read more

    • EPSS Score: %0.04
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-3176

    The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A success... Read more

    Affected Products : businesscti_enterprise
    • EPSS Score: %0.42
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3169

    An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.... Read more

    Affected Products : jumpserver jumpserver
    • EPSS Score: %1.08
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3167

    In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.... Read more

    Affected Products : data_engineering
    • EPSS Score: %0.41
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3166

    An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services... Read more

    • EPSS Score: %4.71
    • Published: Jan. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3165

    SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.... Read more

    Affected Products : smartagent
    • EPSS Score: %0.30
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3164

    ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.... Read more

    Affected Products : churchrota
    • EPSS Score: %21.19
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3163

    A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not ... Read more

    Affected Products : quill
    • EPSS Score: %0.50
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3162

    Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.... Read more

    Affected Products : macos docker
    • EPSS Score: %0.02
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3160

    Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthentica... Read more

    Affected Products : assuweb
    • EPSS Score: %14.33
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3159

    A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.... Read more

    Affected Products : landray_ekp
    • EPSS Score: %0.18
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3155

    snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04... Read more

    Affected Products : ubuntu_linux snapd
    • EPSS Score: %0.04
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3154

    An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.... Read more

    Affected Products : serv-u
    • EPSS Score: %2.91
    • Published: May. 04, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3153

    HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.... Read more

    Affected Products : terraform terraform_enterprise
    • EPSS Score: %0.14
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292510 Results