Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-39235

    In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.... Read more

    Affected Products : ozone
    • EPSS Score: %0.50
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-39234

    In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.... Read more

    Affected Products : ozone
    • EPSS Score: %0.27
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-39233

    In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.... Read more

    Affected Products : ozone
    • EPSS Score: %1.63
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-39232

    In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.... Read more

    Affected Products : ozone
    • EPSS Score: %0.71
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-39231

    In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.... Read more

    Affected Products : ozone
    • EPSS Score: %1.72
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-39230

    Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.... Read more

    Affected Products : butter
    • EPSS Score: %0.21
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39229

    Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the b... Read more

    Affected Products : apprise
    • EPSS Score: %0.45
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39228

    Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case,... Read more

    Affected Products : tremor
    • EPSS Score: %0.55
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39227

    ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization ... Read more

    Affected Products : zrender
    • EPSS Score: %0.40
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-39225

    Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck A... Read more

    Affected Products : deck nextcloud_server notes
    • EPSS Score: %0.25
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39224

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker ... Read more

    Affected Products : nextcloud_server officeonline notes
    • EPSS Score: %0.21
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39223

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. ... Read more

    Affected Products : nextcloud_server richdocuments notes
    • EPSS Score: %0.35
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-39222

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in... Read more

    Affected Products : talk nextcloud_server notes
    • EPSS Score: %0.42
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-39221

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a maliciou... Read more

    Affected Products : contacts nextcloud_server notes
    • EPSS Score: %0.28
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-39220

    Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images... Read more

    Affected Products : nextcloud_server mail notes
    • EPSS Score: %0.26
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39219

    Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing tha... Read more

    Affected Products : fedora wasmtime
    • EPSS Score: %0.07
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39218

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that u... Read more

    Affected Products : fedora wasmtime
    • EPSS Score: %0.09
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-39217

    OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.... Read more

    Affected Products : magento
    • EPSS Score: %0.26
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39216

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly p... Read more

    Affected Products : fedora wasmtime
    • EPSS Score: %0.07
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39215

    Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain au... Read more

    Affected Products : jitsi_meet
    • EPSS Score: %0.28
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292124 Results