Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2021-39231

    In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.... Read more

    Affected Products : ozone
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-39230

    Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.... Read more

    Affected Products : butter
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39229

    Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the b... Read more

    Affected Products : apprise
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39228

    Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case,... Read more

    Affected Products : tremor
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39227

    ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization ... Read more

    Affected Products : zrender
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-39225

    Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck A... Read more

    Affected Products : deck nextcloud_server notes
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39224

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker ... Read more

    Affected Products : nextcloud_server officeonline notes
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39223

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. ... Read more

    Affected Products : nextcloud_server richdocuments notes
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-39222

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-39221

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a maliciou... Read more

    Affected Products : contacts nextcloud_server notes
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-39220

    Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images... Read more

    Affected Products : nextcloud_server mail notes
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39219

    Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing tha... Read more

    Affected Products : fedora wasmtime
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39218

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that u... Read more

    Affected Products : fedora wasmtime
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-39217

    OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.... Read more

    Affected Products : magento
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39216

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly p... Read more

    Affected Products : fedora wasmtime
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39215

    Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain au... Read more

    Affected Products : jitsi_meet
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39214

    mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a requ... Read more

    Affected Products : mitmproxy
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-39213

    GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Res... Read more

    Affected Products : glpi
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-39212

    ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be r... Read more

    Affected Products : imagemagick
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39211

    GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemet... Read more

    Affected Products : glpi
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results