Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. listed in the CISA KEV catalog), and by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2021-32928 (CVSS 9.8, CRITICAL)

    The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close P...

    Affected Products: sentinel_ldk_run-time_environment
    • EPSS Score: 0.34%
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32927 (CVSS 7.1, HIGH)

    An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker....

    Affected Products: gps_tracker
    • EPSS Score: 0.17%
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-32926 (CVSS 7.5, HIGH)

    When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to a...

    • EPSS Score: 0.10%
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32925 (CVSS 6.5, MEDIUM)

    admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities....

    Affected Products: chamilo_lms, chamilo
    • EPSS Score: 0.50%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32924 (CVSS 8.8, HIGH)

    Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method....

    Affected Products: ips_community_suite
    • EPSS Score: 3.99%
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32923 (CVSS 7.4, HIGH)

    HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use...

    Affected Products: vault
    • EPSS Score: 0.64%
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32921 (CVSS 5.9, MEDIUM)

    An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings ...

    Affected Products: fedora, debian_linux, prosody, lua
    • EPSS Score: 3.22%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32920 (CVSS 7.8, HIGH)

    Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests....

    Affected Products: fedora, debian_linux, prosody
    • EPSS Score: 3.29%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32919 (CVSS 7.5, HIGH)

    An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowin...

    Affected Products: fedora, debian_linux, prosody
    • EPSS Score: 0.40%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32918 (CVSS 7.5, HIGH)

    An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3....

    Affected Products: fedora, debian_linux, prosody, lua
    • EPSS Score: 2.87%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32917 (CVSS 5.3, MEDIUM)

    An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth....

    Affected Products: fedora, debian_linux, prosody
    • EPSS Score: 5.02%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32862 (CVSS 7.5, HIGH)

    The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross...

    Affected Products: debian_linux, nbconvert
    • EPSS Score: 0.60%
    • Published: Aug. 18, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-32860 (CVSS 6.1, MEDIUM)

    iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field `title` when creating a `iziModal` instance is able to supply...

    Affected Products: izimodal
    • EPSS Score: 0.30%
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024
  • CVE-2021-32859 (CVSS 6.1, MEDIUM)

    The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who i...

    Affected Products: date_range_picker
    • EPSS Score: 0.25%
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024
  • CVE-2021-32858 (CVSS 6.1, MEDIUM)

    esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. The HTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issu...

    Affected Products: esdoc-publish-html-plugin
    • EPSS Score: 0.11%
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024
  • CVE-2021-32857 (CVSS 6.1, MEDIUM)

    Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches f...

    Affected Products: cockpit
    • EPSS Score: 0.48%
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024
  • CVE-2021-32856 (CVSS 6.1, MEDIUM)

    Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload...

    Affected Products: microweber, cockpit
    • EPSS Score: 1.06%
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024
  • CVE-2021-32855 (CVSS 6.1, MEDIUM)

    Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 ...

    Affected Products: vditor
    • EPSS Score: 0.40%
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024
  • CVE-2021-32854 (CVSS 6.1, MEDIUM)

    textAngular is a text editor for Angular.js. Versions 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are ...

    Affected Products: textangular
    • EPSS Score: 0.19%
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024
  • CVE-2021-32853 (CVSS 9.6, CRITICAL)

    Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from maliciou...

    Affected Products: erxes
    • EPSS Score: 85.50%
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results