Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.3

MEDIUM

CVE-2021-3539

EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product....

Affected Products : espocrm
Published: Aug. 04, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-3538

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an a...

Affected Products : go.uuid uuid
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
5.9

MEDIUM

CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be u...

Affected Products : enterprise_linux fedora debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility peoplesoft_enterprise_peopletools libxml2 clustered_data_ontap enterprise_manager_ops_center real_user_experience_insight +11 more products
Published: May. 14, 2021

Modified: Nov. 21, 2024
4.8

MEDIUM

CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity....

Affected Products : wildfly jboss_enterprise_application_platform data_grid jboss_a-mq build_of_quarkus integration_camel_k integration_service_registry integration_camel_quarkus descision_manager
Published: May. 20, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-3535

Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to ...

Affected Products : nexpose
Published: Jun. 16, 2021

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2021-3531

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of ...

Affected Products : fedora ceph_storage ceph
Published: May. 18, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3530

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash....

Affected Products : binutils ontap_select_deploy_administration_utility
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
7.1

HIGH

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the app...

Affected Products : openshift_container_platform noobaa-operator
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3528

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional acc...

Affected Products : noobaa-operator
Published: May. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3527

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate...

Affected Products : enterprise_linux debian_linux qemu
Published: May. 26, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-3524

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS con...

Affected Products : fedora debian_linux ceph_storage ceph
Published: May. 17, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3523

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address....

Affected Products : apicast
Published: Apr. 27, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3522

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags....

Affected Products : active_iq_unified_manager hci_management_node solidfire oncommand_insight oncommand_workflow_automation e-series_santricity_os_controller e-series_santricity_storage_manager e-series_santricity_web_services snapmanager openjdk +3 more products
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
4.7

MEDIUM

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer ...

Affected Products : rpm
Published: Aug. 22, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-3520

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The gre...

Affected Products : zfs_storage_appliance_kit active_iq_unified_manager ontap_select_deploy_administration_utility cloud_backup communications_cloud_native_core_policy universal_forwarder lz4
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
6.9

MEDIUM

CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes....

Affected Products : windows_10 thinkstation_p520_firmware thinkstation_p520c_firmware thinkstation_p720_firmware thinkstation_p920_firmware thinkcentre_m710s_firmware thinkcentre_m710t_firmware thinkcentre_m710e_firmware thinkcentre_m810z_firmware thinkcentre_m820z_firmware +109 more products
Published: Nov. 12, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity...

Affected Products : enterprise_linux fedora debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility peoplesoft_enterprise_peopletools libxml2 clustered_data_ontap enterprise_manager_ops_center real_user_experience_insight +10 more products
Published: May. 18, 2021

Modified: Nov. 21, 2024
8.6

HIGH

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bou...

Affected Products : enterprise_linux fedora zfs_storage_appliance_kit debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility hci_management_node solidfire peoplesoft_enterprise_peopletools libxml2 +20 more products
Published: May. 19, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-3516

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability....

Affected Products : enterprise_linux fedora zfs_storage_appliance_kit debian_linux ontap_select_deploy_administration_utility libxml2 clustered_data_ontap jboss_core_services clustered_data_ontap_antivirus_connector xmllint
Published: Jun. 01, 2021

Modified: Nov. 21, 2024
7.2

HIGH

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pgl...

Affected Products : pglogical
Published: Jun. 01, 2021

Modified: Nov. 21, 2024

Showing 20 of 292828 Results

Browse by Apps

Latest CVE Feed

6.3

9.8

5.9

4.8

6.1

5.3

7.5

7.1

8.8

5.5

6.5

7.5

5.5

4.7

9.8

6.9

8.8

8.6

7.8

7.2

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable