Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2021-36782

    A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This ...

    Affected Products : rancher rancher
    • EPSS Score: 77.97%
    • Published: Sep. 07, 2022
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2021-36781

    An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0...

    Affected Products : factory openldap2
    • EPSS Score: 0.09%
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-36780

    A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have acce...

    Affected Products : longhorn
    • EPSS Score: 0.14%
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-36779

    A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1....

    Affected Products : longhorn
    • EPSS Score: 0.05%
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36778

    An Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2....

    Affected Products : rancher rancher
    • EPSS Score: 0.30%
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-36777

    A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form that then sends the clear text credentials to an attacker-specified server. ...

    Affected Products : open_build_service
    • EPSS Score: 0.29%
    • Published: Mar. 09, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-36776

    An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10....

    Affected Products : rancher rancher
    • EPSS Score: 0.21%
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-36775

    An Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3....

    Affected Products : rancher rancher
    • EPSS Score: 0.07%
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-36774

    Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server w...

    Affected Products : kylin
    • EPSS Score: 0.83%
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36773

    uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of al...

    • EPSS Score: 1.08%
    • Published: Jul. 18, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-36772

    Zoho ManageEngine ADManager Plus before 7110 allows stored XSS....

    Affected Products : manageengine_admanager_plus
    • EPSS Score: 3.87%
    • Published: Jul. 17, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-36771

    Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS....

    Affected Products : manageengine_admanager_plus
    • EPSS Score: 3.87%
    • Published: Jul. 17, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-36770

    Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration,...

    Affected Products : fedora perl p5-encode
    • EPSS Score: 0.15%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-36769

    A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent by a client....

    Affected Products : telegram telegram_desktop
    • EPSS Score: 0.29%
    • Published: Jul. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36767

    In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply wi...

    • EPSS Score: 0.24%
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-36766

    Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is no...

    Affected Products : concrete_cms
    • EPSS Score: 1.54%
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36765

    In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system....

    Affected Products : ethernetip
    • EPSS Score: 0.31%
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36764

    In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition....

    Affected Products : gateway
    • EPSS Score: 0.34%
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-36763

    In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties....

    • EPSS Score: 0.32%
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-36762

    An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might r...

    Affected Products : nichestack
    • EPSS Score: 0.34%
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results