Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it appears on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2021-33507

    Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.

    Affected Products : plone zope
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33506

    jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.

    Affected Products : jitsi_meet
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-33505

    A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.

    Affected Products : falco
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-33504

    Couchbase Server before 7.1.0 has Incorrect Access Control.

    Affected Products : couchbase_server
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33503

    An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a ...

    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33502

    The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

    Affected Products : normalize-url
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-33501

    Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.

    Affected Products : overwolf
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33500

    PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attac...

    Affected Products : putty windows putty
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33499

    Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).

    Affected Products : infinity
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-33498

    Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).

    Affected Products : infinity
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-33497

    Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.

    Affected Products : transfer.sh
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-33496

    Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.

    Affected Products : transfer.sh
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-33495

    OX App Suite 7.10.5 allows XSS via an OX Chat system message.

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-33494

    OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.0

    MEDIUM
    CVE-2021-33493

    The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-33492

    OX App Suite 7.10.5 allows XSS via an OX Chat room name.

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-33491

    OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-33490

    OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-33489

    OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-33488

    chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024