Latest CVE Feed

The following is the list of the most recently published vulnerabilities. You can filter it by severity, by whether a vulnerability is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (i.e., is known to be actively exploited), and by whether it is remotely exploitable, and you can sort it by published date, last-updated date, or CVSS score.
  • CVE-2021-37866 (CVSS 7.5, HIGH)
    Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server side when a user logs out of Boards, which allows an attacker to reuse an old session token for authorization....
    • Affected Products: mattermost_boards
    • EPSS Score: 0.19%
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
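The entry above describes a logout that discards the token only on the client, so a token captured before logout keeps working. The following added example (written for this page, not Mattermost Boards code) contrasts a token check that verifies only the signature with one that also consults a server-side session store that logout empties; the signing key, the store and every function name are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

# Constructed signing key for this example; a real server would load it from
# its secret store.
SERVER_KEY = os.urandom(32)

# Server-side session store: token -> user id. Logout deletes the entry, which
# is the step the vulnerable plugin skipped.
active_sessions: Dict[str, str] = {}


def _sign(token_id: str) -> str:
    return hmac.new(SERVER_KEY, token_id.encode(), hashlib.sha256).hexdigest()


def login(user_id: str) -> str:
    """Issue a signed session token and record it server-side."""
    token_id = secrets.token_urlsafe(16)
    token = f"{token_id}.{_sign(token_id)}"
    active_sessions[token] = user_id
    return token


def logout(token: str) -> None:
    """Invalidate the session on the server, not just in the browser."""
    active_sessions.pop(token, None)


def signature_valid(token: str) -> bool:
    """Stateless check: verifies only the HMAC, so it cannot notice a logout."""
    try:
        token_id, sig = token.split(".", 1)
    except ValueError:
        return False
    return hmac.compare_digest(_sign(token_id), sig)


def authorize_stateless(token: str) -> bool:
    # Vulnerable pattern: a well-formed, correctly signed token is accepted
    # even after the user logged out, so a captured token can be replayed.
    return signature_valid(token)


def authorize_stateful(token: str) -> Optional[str]:
    # Hardened pattern: the signature must verify AND the session must still
    # exist server-side. Returns the user id, or None when rejected.
    if not signature_valid(token):
        return None
    return active_sessions.get(token)


def replay_after_logout(user_id: str) -> Tuple[bool, Optional[str]]:
    """Log in, log out, then replay the old token against both checks."""
    token = login(user_id)
    logout(token)
    return authorize_stateless(token), authorize_stateful(token)


if __name__ == "__main__":
    print(replay_after_logout("alice"))  # (True, None)
```

The stateful check is what makes logout meaningful: revocation has to be recorded somewhere the server consults on every request, whether that is an in-memory map as here, a database row, or a short token lifetime combined with a revocation list.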
  • CVE-2021-37865 (CVSS 5.7, MEDIUM)
    Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of...
    • Affected Products: mattermost_server, mattermost
    • EPSS Score: 0.60%
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-37864 (CVSS 6.5, MEDIUM)
    Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs....
    • Affected Products: mattermost_server, mattermost
    • EPSS Score: 0.22%
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-37863 (CVSS 5.7, MEDIUM)
    Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post....
    • Affected Products: mattermost_server, mattermost
    • EPSS Score: 0.57%
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37862 (CVSS 5.8, MEDIUM)
    Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via a crafted invitation token....
    • Affected Products: mattermost_server, mattermost
    • EPSS Score: 0.17%
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37861 (CVSS 7.5, HIGH)
    Mattermost 6.0.2 and earlier fails to sufficiently sanitize the user's password in audit logs when user creation fails....
    • Affected Products: mattermost_server, mattermost
    • EPSS Score: 0.34%
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37860 (CVSS 6.1, MEDIUM)
    Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP....
    • Affected Products: mattermost_server, mattermost
    • EPSS Score: 0.36%
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37859 (CVSS 7.1, HIGH)
    Fixed a bypass of the earlier fix for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost....
    • Affected Products: mattermost_server, mattermost
    • EPSS Score: 45.09%
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37852 (CVSS 7.8, HIGH)
    ESET products for Windows allow an untrusted process to impersonate the client of a pipe, which an attacker can leverage to escalate privileges in the context of NT AUTHORITY\SYSTEM....
    • EPSS Score: 0.04%
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-37851 (CVSS 7.8, HIGH)
    Local privilege escalation in ESET's Windows products allows a user who is logged in to the system to exploit the repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 vers...
    • EPSS Score: 0.03%
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-37850 (CVSS 5.5, MEDIUM)
    ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot....
    • EPSS Score: 0.05%
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37848 (CVSS 7.5, HIGH)
    common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison....
    • Affected Products: barebox
    • EPSS Score: 0.32%
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37847 (CVSS 7.5, HIGH)
    crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification....
    • Affected Products: barebox
    • EPSS Score: 0.32%
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
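The two barebox entries above (CVE-2021-37848 and CVE-2021-37847) describe the same defect: strncmp and memcmp return at the first mismatching byte, so the time a comparison takes reveals how long the matching prefix is. The added example below is not barebox code; it models the leak with a deterministic work count instead of wall-clock time, runs a byte-at-a-time recovery against the early-exit compare, and shows that a constant-time compare gives the same loop nothing to work with. The secret, the guesses and all function names are constructed for the example.

```python
import hmac
from typing import Callable, List, Tuple

Oracle = Callable[[bytes], Tuple[bool, int]]


def early_exit_compare(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Mimics memcmp/strncmp: stops at the first differing byte.

    Returns (equal, bytes_examined). The count is a deterministic stand-in for
    elapsed time: it grows with the length of the matching prefix, which is
    exactly what an attacker measures (over the wire or at a serial console).
    """
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined


def constant_time_compare(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Examines every byte regardless of where the first mismatch is."""
    if len(a) != len(b):          # digests and hashes have a fixed length, so
        return False, 0           # this branch leaks nothing useful in practice
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y             # accumulate; never branch on the data
    return diff == 0, examined


def verify_digest(expected: bytes, received: bytes) -> bool:
    """What fixed code should do: use the library's constant-time compare."""
    return hmac.compare_digest(expected, received)


def recover_with_oracle(oracle: Oracle, length: int) -> bytes:
    """Byte-at-a-time recovery using only the work-count side channel.

    For each position, the candidate that makes the compare do the most work
    is the one that matched; the final byte is confirmed by a full match.
    Against constant_time_compare the work is identical for every candidate,
    so the loop learns nothing and returns garbage.
    """
    recovered = bytearray()
    for pos in range(length):
        best_byte, best_work = 0, -1
        for candidate in range(256):
            guess = bytes(recovered) + bytes([candidate]) + b"\x00" * (length - pos - 1)
            equal, work = oracle(guess)
            if equal:
                return guess
            if work > best_work:
                best_byte, best_work = candidate, work
        recovered.append(best_byte)
    return bytes(recovered)


def leak_profile(secret: bytes, guesses: List[bytes]) -> List[int]:
    """Work done by the leaky compare for each guess (more work = longer match)."""
    return [early_exit_compare(secret, g)[1] for g in guesses]
```

In a real measurement the work count is wall-clock time with jitter, so each candidate is timed many times and the candidates are separated statistically; the constant-time version removes the signal rather than merely burying it in noise. The C equivalent of constant_time_compare is a loop that ORs the XOR of each byte pair into an accumulator and tests the accumulator once after the loop.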
  • CVE-2021-37843 (CVSS 9.8, CRITICAL)
    The resolution SAML SSO apps for Atlassian products allow a remote attacker to log in to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6...
    • Affected Products: saml_single_sign_on
    • EPSS Score: 0.91%
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37842 (CVSS 7.5, HIGH)
    metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, whi...
    • Affected Products: couchbase_server
    • EPSS Score: 0.16%
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37841 (CVSS 7.8, HIGH)
    Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. T...
    • Affected Products: desktop
    • EPSS Score: 0.09%
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37840 (CVSS 8.8, HIGH)
    aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browse...
    • Affected Products: aapanel
    • EPSS Score: 0.40%
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
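The aaPanel entry above is a cross-site WebSocket hijacking case: a page on an attacker's origin opens the ws:// connection from inside the victim's browser, the browser attaches the panel's cookies, and the server never checks where the handshake came from. The added example below is not aaPanel code; it shows the one header that distinguishes the two handshakes, a prefix-based Origin check that can be bypassed, and an exact-match check on a canonical form. The allowlist, the handshake headers and the function names are constructed for the example.

```python
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: the only origin the panel's own pages are served from.
ALLOWED_ORIGINS = {"https://panel.example.test:8888"}


def normalize_origin(origin: str) -> Optional[str]:
    """Canonical scheme://host:port for an Origin value, or None if malformed."""
    try:
        parts = urlsplit(origin.strip())
        host, port = parts.hostname, parts.port  # .port raises on "8888.evil.test"
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host or parts.path not in ("", "/"):
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return f"{parts.scheme}://{host}:{port}"


_ALLOWED_NORMALIZED = {normalize_origin(o) for o in ALLOWED_ORIGINS}


def weak_origin_check(origin: str) -> bool:
    # Common mistake: prefix match. "https://panel.example.test:8888.evil.test"
    # and "https://panel.example.test:8888@evil.test" both pass this check.
    return any(origin.startswith(allowed) for allowed in ALLOWED_ORIGINS)


def strict_origin_check(origin: str) -> bool:
    # Exact match on the canonical form; no substring logic anywhere.
    return normalize_origin(origin) in _ALLOWED_NORMALIZED


def accept_upgrade(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Decide whether to complete a WebSocket handshake for a /webssh-style endpoint."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    if "origin" not in h:
        # Browsers always send Origin on WebSocket handshakes; a missing header
        # means a non-browser client, which must instead present its own token.
        return False, "missing origin"
    if not strict_origin_check(h["origin"]):
        return False, "origin not allowed"
    return True, "ok"


# Constructed handshakes. The attacker's page runs in the victim's browser, so
# the browser attaches the panel's cookie to both; only Origin tells them apart.
LEGIT_HANDSHAKE = {
    "Host": "panel.example.test:8888",
    "Upgrade": "websocket",
    "Connection": "Upgrade",
    "Origin": "https://panel.example.test:8888",
    "Cookie": "session=<victim cookie>",
}
ATTACKER_HANDSHAKE = dict(LEGIT_HANDSHAKE, Origin="https://attacker.example")
```

The Origin check closes the browser-driven path; a non-browser client that wants to use the same endpoint should authenticate with a token it presents explicitly (for example in the first WebSocket message) rather than with an ambient cookie.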
  • CVE-2021-37839 (CVSS 4.3, MEDIUM)
    Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics....
    • Affected Products: superset
    • EPSS Score: 0.18%
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-37833 (CVSS 6.1, MEDIUM)
    A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands....
    • Affected Products: hoteldruid
    • EPSS Score: 5.43%
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-37832 (CVSS 9.8, CRITICAL)
    A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter....
    • Affected Products: hoteldruid
    • EPSS Score: 13.08%
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
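The Hotel Druid entry above names a request parameter, idappartamenti, that reaches SQLite unescaped. The added example below is not Hotel Druid code: the schema, the query and the payloads are constructed for illustration. It puts the string-splicing pattern that produces this class of bug next to the bound-parameter version, and shows why the SQLite backend matters, since the sqlite_master catalogue is readable from any injected SELECT.

```python
import sqlite3
from typing import List, Tuple

Row = Tuple[object, object, object]


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema for the demo; not Hotel Druid's real tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE apartments (id INTEGER PRIMARY KEY, name TEXT, owner TEXT);
        INSERT INTO apartments VALUES (1, 'Sea view', 'alice');
        INSERT INTO apartments VALUES (2, 'Garden', 'bob');
        INSERT INTO apartments VALUES (3, 'Penthouse', 'carol');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, idappartamenti: str) -> List[Row]:
    # Vulnerable pattern: the request parameter is spliced into the SQL text,
    # so anything after the number becomes part of the statement.
    sql = "SELECT id, name, owner FROM apartments WHERE id = " + idappartamenti
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, idappartamenti: str) -> List[Row]:
    # Hardened pattern: validate the type, then bind the value. A bound
    # parameter can never change the structure of the statement.
    if not idappartamenti.isdigit():
        raise ValueError("idappartamenti must be a non-negative integer")
    return conn.execute(
        "SELECT id, name, owner FROM apartments WHERE id = ?", (int(idappartamenti),)
    ).fetchall()


# Constructed payloads. The second one reads SQLite's built-in sqlite_master
# catalogue, which is why "SQLite as the application database" matters here.
PAYLOAD_ALL_ROWS = "2 OR 1=1"
PAYLOAD_SCHEMA = "0 UNION SELECT name, sql, 1 FROM sqlite_master"


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, PAYLOAD_ALL_ROWS))   # every apartment, not just id 2
    print(lookup_vulnerable(db, PAYLOAD_SCHEMA))     # table name and CREATE statement
    print(lookup_parameterized(db, "2"))             # [(2, 'Garden', 'bob')]
```

The type check in lookup_parameterized is defence in depth, not the fix; the binding is the fix. Even a parameter that is expected to be numeric should be bound, because the next maintainer will copy the pattern for a text column.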
Showing 20 of 291728 Results