Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2021-33515

    The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.... Read more

    Affected Products : fedora debian_linux dovecot
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-33514

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-A... Read more

    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33513

    Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.... Read more

    Affected Products : plone
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33512

    Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.... Read more

    Affected Products : plone
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33511

    Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.... Read more

    Affected Products : plone
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-33510

    Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.... Read more

    Affected Products : plone
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-33509

    Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.... Read more

    Affected Products : plone
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33508

    Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.... Read more

    Affected Products : plone
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-33507

    Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.... Read more

    Affected Products : plone zope
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33506

    jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.... Read more

    Affected Products : jitsi_meet
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-33505

    A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.... Read more

    Affected Products : falco
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-33504

    Couchbase Server before 7.1.0 has Incorrect Access Control.... Read more

    Affected Products : couchbase_server
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33503

    An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a ... Read more

    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33502

    The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.... Read more

    Affected Products : normalize-url
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-33501

    Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.... Read more

    Affected Products : overwolf
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33500

    PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attac... Read more

    Affected Products : putty windows putty
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33499

    Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).... Read more

    Affected Products : infinity
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33498

    Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).... Read more

    Affected Products : infinity
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-33497

    Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.... Read more

    Affected Products : transfer.sh
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-33496

    Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.... Read more

    Affected Products : transfer.sh
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results