Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2021-34376

    Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclo... Read more

    • EPSS Score: %0.05
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-34375

    Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure.... Read more

    • EPSS Score: %0.07
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-34374

    Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service.... Read more

    • EPSS Score: %0.06
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.9

    HIGH
    CVE-2021-34373

    Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service.... Read more

    • EPSS Score: %0.07
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-34372

    Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might resu... Read more

    • EPSS Score: %0.08
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34371

    Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable ... Read more

    Affected Products : neo4j
    • EPSS Score: %68.07
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-34370

    Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.... Read more

    Affected Products : civic_platform
    • EPSS Score: %5.48
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-34369

    portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for ... Read more

    Affected Products : civic_platform
    • EPSS Score: %6.77
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-34364

    The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns.... Read more

    Affected Products : refined-github
    • EPSS Score: %0.22
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-34363

    The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.... Read more

    Affected Products : fedora the_fuck
    • EPSS Score: %1.12
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2021-34362

    A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions... Read more

    Affected Products : quts_hero qts media_streaming_add-on
    • EPSS Score: %0.87
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-34361

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions ... Read more

    Affected Products : qts nas_proxy_server
    • EPSS Score: %0.35
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-34360

    A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following ve... Read more

    Affected Products : quts_hero qts qutscloud nas_proxy_server
    • EPSS Score: %0.09
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2021-34359

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions ... Read more

    Affected Products : qts nas_proxy_server
    • EPSS Score: %0.22
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-34358

    We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later... Read more

    Affected Products : qmailagent nas
    • EPSS Score: %0.12
    • Published: Nov. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2021-34357

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of... Read more

    Affected Products : qmailagent nas
    • EPSS Score: %0.35
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2021-34356

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions... Read more

    Affected Products : photo_station nas
    • EPSS Score: %0.26
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2021-34355

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of... Read more

    Affected Products : photo_station nas
    • EPSS Score: %0.17
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2021-34354

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions... Read more

    Affected Products : photo_station nas
    • EPSS Score: %0.26
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34352

    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR ... Read more

    Affected Products : qvr
    • EPSS Score: %4.18
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291274 Results