Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-37645

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigne... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37644

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-37643

    TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, i... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37642

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-37641

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37640

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/ten... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-37639

    TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside t... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-37638

    TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implementation](https://g... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-37637

    TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tenso... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37636

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-37635

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.01
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-37634

    Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any st... Read more

    Affected Products : leafkit
    • EPSS Score: %0.31
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-37633

    Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Polic... Read more

    Affected Products : discourse
    • EPSS Score: %0.31
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-37632

    SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. The versions of SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are affected by a vulnerability and can be exploited on both servers and clients. Using SuperMa... Read more

    Affected Products : config_lib
    • EPSS Score: %1.86
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37631

    Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed ot... Read more

    Affected Products : deck nextcloud_server notes
    • EPSS Score: %0.29
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-37630

    Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It ... Read more

    Affected Products : nextcloud_server circles notes
    • EPSS Score: %0.33
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-37629

    Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended... Read more

    Affected Products : nextcloud_server richdocuments notes
    • EPSS Score: %0.38
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-37628

    Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary... Read more

    Affected Products : nextcloud_server richdocuments notes
    • EPSS Score: %0.40
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-37627

    Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who ha... Read more

    Affected Products : contao
    • EPSS Score: %0.48
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-37626

    Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted bac... Read more

    Affected Products : contao
    • EPSS Score: %0.72
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291728 Results