Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • CVE-2021-39164 (CVSS 3.5, LOW)

    Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerabil...

    Affected Products: fedora synapse
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39163 (CVSS 3.5, LOW)

    Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limit...

    Affected Products: fedora synapse
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39162 (CVSS 8.6, HIGH)

    Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* serve...

    Affected Products: envoy pomerium
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39161 (CVSS 5.4, MEDIUM)

    Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects site...

    Affected Products: discourse
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39160 (CVSS 9.6, CRITICAL)

    nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0....

    Affected Products: nbgitpuller
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39159 (CVSS 9.8, CRITICAL)

    BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing B...

    Affected Products: binderhub
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39158 (CVSS 8.8, HIGH)

    NVCaffe's python required dependencies list used to contain `gfortran` version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within...

    Affected Products: nvcaffe
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39157 (CVSS 7.5, HIGH)

    detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0...

    Affected Products: detect-character-encoding
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39156 (CVSS 8.1, HIGH)

    Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploi...

    Affected Products: istio
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39155 (CVSS 8.3, HIGH)

    Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio...

    Affected Products: istio
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39143 (CVSS 7.1, HIGH)

    Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the path...

    Affected Products: spinnaker
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-39138 (CVSS 6.5, MEDIUM)

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first sign...

    Affected Products: parse-server
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39137 (CVSS 7.5, HIGH)

    go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about t...

    Affected Products: go_ethereum
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39136 (CVSS 8.7, HIGH)

    baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to updat...

    Affected Products: basercms
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39135 (CVSS 8.2, HIGH)

    `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will...

    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39134 (CVSS 8.2, HIGH)

    `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents wi...

    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39133 (CVSS 7.2, HIGH)

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cau...

    Affected Products: rundeck
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39132 (CVSS 8.8, HIGH)

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or...

    Affected Products: rundeck
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39131 (CVSS 7.5, HIGH)

    ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ce...

    Affected Products: ced
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-39128 (CVSS 7.2, HIGH)

    Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Templat...

    Affected Products: jira_server jira_data_center
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292818 Results