Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-39259

    A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.... Read more

    Affected Products : debian_linux ntfs-3g
    • EPSS Score: %0.07
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-39258

    A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.... Read more

    Affected Products : debian_linux ntfs-3g
    • EPSS Score: %0.07
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-39257

    A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.... Read more

    Affected Products : debian_linux ntfs-3g
    • EPSS Score: %0.06
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-39256

    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.... Read more

    Affected Products : debian_linux ntfs-3g
    • EPSS Score: %0.07
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-39255

    A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.... Read more

    Affected Products : debian_linux ntfs-3g
    • EPSS Score: %0.07
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-39254

    A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.02
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-39253

    A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.02
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-39252

    A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.02
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-39251

    A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.... Read more

    • EPSS Score: %0.03
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-39250

    Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely ... Read more

    Affected Products : invision_power_board
    • EPSS Score: %0.46
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-39249

    Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.... Read more

    Affected Products : invision_power_board
    • EPSS Score: %0.34
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-39248

    Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion.... Read more

    Affected Products : edx-platform
    • EPSS Score: %0.24
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-39247

    Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, related to is_last_single_ascii in code1.c, and rs_encode_uint in reedsol.c.... Read more

    Affected Products : zint barcode_generator
    • EPSS Score: %0.24
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-39246

    Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare the... Read more

    Affected Products : linux_kernel macos tor_browser windows
    • EPSS Score: %0.11
    • Published: Sep. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39245

    Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.... Read more

    • EPSS Score: %0.29
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-39244

    Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto... Read more

    • EPSS Score: %13.24
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-39243

    Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX303... Read more

    • EPSS Score: %0.12
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39242

    An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.... Read more

    Affected Products : fedora debian_linux haproxy
    • EPSS Score: %0.47
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39241

    An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a ... Read more

    Affected Products : fedora debian_linux haproxy
    • EPSS Score: %0.44
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39240

    An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 ser... Read more

    Affected Products : fedora debian_linux haproxy
    • EPSS Score: %0.07
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292517 Results