Latest CVE Feed

CVE-2021-32852 (CVSS 9.0, CRITICAL)
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be a...
- Affected Products: countly_server
- EPSS Score: 0.14%
- Published: Feb. 20, 2023
- Modified: Nov. 21, 2024

CVE-2021-32851 (CVSS 6.1, MEDIUM)
Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1...
- Affected Products: mind-elixir
- EPSS Score: 0.40%
- Published: Feb. 20, 2023
- Modified: Nov. 21, 2024

CVE-2021-32850 (CVSS 6.1, MEDIUM)
jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6...
- Affected Products: jquery-minicolors
- EPSS Score: 0.56%
- Published: Feb. 20, 2023
- Modified: Nov. 21, 2024

CVE-2021-32849 (CVSS 9.0, HIGH)
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...
- Affected Products: gerapy
- EPSS Score: 75.61%
- Published: Jan. 26, 2022
- Modified: Nov. 21, 2024

CVE-2021-32848 (CVSS 7.5, HIGH)
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...
- Affected Products: octobox
- EPSS Score: 0.08%
- Published: Feb. 20, 2023
- Modified: Nov. 21, 2024

CVE-2021-32847 (CVSS 7.1, HIGH)
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into t...
- Affected Products: hyperkit
- EPSS Score: 0.12%
- Published: Feb. 20, 2023
- Modified: Nov. 21, 2024

CVE-2021-32846 (CVSS 7.8, HIGH)
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to uninitialized memory use. In this situation, there is a check for the return value to be l...
- Affected Products: hyperkit
- EPSS Score: 0.03%
- Published: Feb. 17, 2023
- Modified: Nov. 21, 2024

CVE-2021-32845 (CVSS 7.8, HIGH)
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iove...
- Affected Products: hyperkit
- EPSS Score: 0.03%
- Published: Feb. 17, 2023
- Modified: Nov. 21, 2024

CVE-2021-32844 (CVSS 6.2, MEDIUM)
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `vi_pci_write` has a call to `vc_cfgwrite` that does not check for null, which when called makes the host crash. This issue may...
- Affected Products: hyperkit
- EPSS Score: 0.03%
- Published: Feb. 17, 2023
- Modified: Nov. 21, 2024

CVE-2021-32843 (CVSS 6.2, MEDIUM)
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has a call to `vc_cfgread` that does not check for null, which when called makes the host crash. This issue may lead...
- Affected Products: hyperkit
- EPSS Score: 0.03%
- Published: Feb. 17, 2023
- Modified: Nov. 21, 2024

CVE-2021-32842 (CVSS 5.3, MEDIUM)
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting with version 1.0.0 and prior to version 1.3.3, a check was added whether the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slas...
- Affected Products: sharpziplib
- EPSS Score: 0.30%
- Published: Jan. 26, 2022
- Modified: Nov. 21, 2024

CVE-2021-32841 (CVSS 5.3, MEDIUM)
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting with version 1.3.0 and prior to version 1.3.3, a check was added whether the destination file is under the destination directory. However, it is not enforced that `destDir` ends with a slash. If the...
- Affected Products: sharpziplib
- EPSS Score: 0.38%
- Published: Jan. 26, 2022
- Modified: Nov. 21, 2024

CVE-2021-32840 (CVSS 9.8, CRITICAL)
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulner...
- Affected Products: sharpziplib
- EPSS Score: 1.65%
- Published: Jan. 26, 2022
- Modified: Nov. 21, 2024

CVE-2021-32839 (CVSS 7.5, HIGH)
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular expression denial of service (ReDoS) vulnerability. The regular expression may cause exponential backtracking on strings containing many...
- Affected Products: sqlparse
- EPSS Score: 0.11%
- Published: Sep. 20, 2021
- Modified: Nov. 21, 2024

CVE-2021-32838 (CVSS 7.5, HIGH)
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1...
- EPSS Score: 1.37%
- Published: Sep. 20, 2021
- Modified: Nov. 21, 2024

CVE-2021-32837 (CVSS 7.5, HIGH)
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize...
- Affected Products: mechanize
- EPSS Score: 4.07%
- Published: Jan. 17, 2023
- Modified: Nov. 21, 2024

CVE-2021-32836 (CVSS 8.1, HIGH)
ZStack is open source IaaS (infrastructure as a service) software. In ZStack before versions 3.10.12 and 4.1.6 there is a pre-auth unsafe deserialization vulnerability in the REST API. An attacker in control of the request body will be able to provide both...
- Affected Products: zstack
- EPSS Score: 1.40%
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024

CVE-2021-32835 (CVSS 9.9, CRITICAL)
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the late...
- Affected Products: keti
- EPSS Score: 2.51%
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024

CVE-2021-32834 (CVSS 9.9, CRITICAL)
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy s...
- Affected Products: keti
- EPSS Score: 0.33%
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024

CVE-2021-32833 (CVSS 8.6, HIGH)
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vuln...
- Affected Products: emby.releases
- EPSS Score: 0.38%
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024