Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2021-39220

    Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images... Read more

    Affected Products : nextcloud_server mail notes
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39219

    Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing tha... Read more

    Affected Products : fedora wasmtime
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39218

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that u... Read more

    Affected Products : fedora wasmtime
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-39217

    OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.... Read more

    Affected Products : magento
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-39216

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly p... Read more

    Affected Products : fedora wasmtime
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39215

    Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain au... Read more

    Affected Products : jitsi_meet
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39214

    mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a requ... Read more

    Affected Products : mitmproxy
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-39213

    GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Res... Read more

    Affected Products : glpi
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-39212

    ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be r... Read more

    Affected Products : imagemagick
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-39211

    GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemet... Read more

    Affected Products : glpi
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-39210

    GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would... Read more

    Affected Products : glpi
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-39209

    GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI... Read more

    Affected Products : glpi
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-39208

    SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPat... Read more

    Affected Products : sharpcompress
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-39207

    parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. ... Read more

    Affected Products : parlai
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-39206

    Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With spe... Read more

    Affected Products : envoy pomerium
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-39205

    Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to t... Read more

    Affected Products : jitsi_meet
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-39204

    Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can ... Read more

    Affected Products : envoy pomerium
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-39203

    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the blo... Read more

    Affected Products : wordpress
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2021-39202

    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML fea... Read more

    Affected Products : wordpress
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2021-39201

    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This byp... Read more

    Affected Products : debian_linux wordpress
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292871 Results