Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-35949

    The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.18
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-35948

    Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.17
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35947

    The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.26
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35946

    A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.31
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35945

    Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.... Read more

    Affected Products : couchbase_server
    • EPSS Score: %0.58
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35944

    Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.... Read more

    Affected Products : couchbase_server
    • EPSS Score: %0.58
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35943

    Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.... Read more

    Affected Products : couchbase_server
    • EPSS Score: %0.36
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35941

    Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-20... Read more

    • EPSS Score: %3.80
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-35940

    An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6... Read more

    Affected Products : http_server portable_runtime
    • EPSS Score: %0.06
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-35939

    It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw ... Read more

    Affected Products : enterprise_linux rpm
    • EPSS Score: %0.13
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2021-35938

    A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file a... Read more

    Affected Products : enterprise_linux fedora rpm
    • EPSS Score: %0.08
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-35937

    A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vuln... Read more

    Affected Products : enterprise_linux fedora rpm
    • EPSS Score: %0.01
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35936

    If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no auth... Read more

    Affected Products : airflow
    • EPSS Score: %0.17
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35689

    A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulner... Read more

    Affected Products : talent_acquisition_cloud
    • EPSS Score: %2.52
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-35687

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnera... Read more

    • EPSS Score: %1.18
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-35686

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnera... Read more

    • EPSS Score: %0.30
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-35683

    Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network a... Read more

    • EPSS Score: %1.54
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-35666

    Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to... Read more

    Affected Products : http_server
    • EPSS Score: %1.32
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-35665

    Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to comp... Read more

    • EPSS Score: %0.58
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-35662

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access vi... Read more

    Affected Products : outside_in_technology
    • EPSS Score: %1.80
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results