Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-3197

    An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.... Read more

    Affected Products : fedora debian_linux salt
    • Published: Feb. 27, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3196

    An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject addi... Read more

    Affected Products : id_bravura_security_fabric
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3195

    bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the secu... Read more

    Affected Products : bitcoin_core bitcoin_core
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3193

    Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.... Read more

    Affected Products : nagios_xi
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-3191

    Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T... Read more

    Affected Products : web_viewpoint nonstop
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3190

    The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.... Read more

    Affected Products : async-git
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3189

    The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.... Read more

    Affected Products : slashify
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3188

    phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.... Read more

    Affected Products : phplist
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3185

    A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.... Read more

    Affected Products : gst-plugins-bad
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3184

    MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.... Read more

    Affected Products : misp misp
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3183

    Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.... Read more

    Affected Products : fat_client
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-3182

    D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... Read more

    Affected Products : dcs-5220_firmware dcs-5220
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3181

    rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message... Read more

    Affected Products : fedora debian_linux mutt
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3179

    GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass.... Read more

    Affected Products : gglocker
    • Published: Dec. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3178

    fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory ex... Read more

    Affected Products : linux_kernel fedora debian_linux
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3177

    Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_dou... Read more

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-3176

    The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A success... Read more

    Affected Products : businesscti_enterprise
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3169

    An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.... Read more

    Affected Products : jumpserver jumpserver
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3167

    In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.... Read more

    Affected Products : data_engineering
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3166

    An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services... Read more

    • Published: Jan. 18, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293186 Results