Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-34560

    In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least on... Read more

    • EPSS Score: %0.11
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-34559

    In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.... Read more

    • EPSS Score: %0.31
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34558

    The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.... Read more

    • EPSS Score: %1.48
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2021-34557

    XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attac... Read more

    Affected Products : fedora xscreensaver
    • EPSS Score: %0.05
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-34556

    In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locati... Read more

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.00
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34555

    OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.... Read more

    Affected Products : fedora opendmarc
    • EPSS Score: %0.68
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-34553

    Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.... Read more

    Affected Products : nexus_repository_manager
    • EPSS Score: %0.21
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34552

    Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.... Read more

    Affected Products : fedora debian_linux pillow
    • EPSS Score: %0.32
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-34551

    PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.... Read more

    Affected Products : fedora windows phpmailer
    • EPSS Score: %2.11
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34550

    An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor... Read more

    Affected Products : tor
    • EPSS Score: %0.83
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34549

    An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.... Read more

    Affected Products : tor
    • EPSS Score: %0.64
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34548

    An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.... Read more

    Affected Products : tor
    • EPSS Score: %0.16
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-34547

    PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation.... Read more

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.10
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-34546

    An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary ... Read more

    Affected Products : netsetman
    • EPSS Score: %0.44
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34544

    An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60... Read more

    • EPSS Score: %0.40
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34543

    The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and... Read more

    • EPSS Score: %1.19
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-34540

    Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.... Read more

    Affected Products : webaccess
    • EPSS Score: %0.33
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-34539

    An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution.... Read more

    Affected Products : amp
    • EPSS Score: %0.92
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-34538

    Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. Th... Read more

    Affected Products : hive
    • EPSS Score: %0.26
    • Published: Jul. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-34537

    Windows Bluetooth Driver Elevation of Privilege Vulnerability... Read more

    • EPSS Score: %0.26
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291219 Results