Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be exploited in the wild (listed in CISA's Known Exploited Vulnerabilities (KEV) catalog), or by whether it is remotely exploitable, and sort it by published date, last-updated date, or CVSS score.
  • CVE-2021-32790 (CVSS 4.9, MEDIUM)
    Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the W...
    Affected products: woocommerce
    • EPSS score: 1.22%
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32789 (CVSS 7.5, HIGH)
    woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a ...
    Affected products: woocommerce, woocommerce_blocks
    • EPSS score: 91.45%
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32788 (CVSS 4.3, MEDIUM)
    Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that create a whisper post in a personal message are revealed ...
    Affected products: discourse
    • EPSS score: 0.39%
    • Published: Jul. 27, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32787 (CVSS 4.3, MEDIUM)
    Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage ...
    Affected products: sourcegraph
    • EPSS score: 0.20%
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32786 (CVSS 6.1, MEDIUM)
    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()...
    • EPSS score: 0.12%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32785 (CVSS 7.5, HIGH)
    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configu...
    • EPSS score: 0.18%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32783 (CVSS 8.5, HIGH)
    Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy conta...
    Affected products: contour
    • EPSS score: 0.26%
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32782 (CVSS 5.8, MEDIUM)
    Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due to the strict Content-Security-Policy shipped...
    Affected products: nextcloud_server, circles, notes
    • EPSS score: 0.36%
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32781 (CVSS 8.6, HIGH)
    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when ...
    Affected products: envoy
    • EPSS score: 0.08%
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32780 (CVSS 8.6, HIGH)
    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. T...
    Affected products: envoy
    • EPSS score: 0.08%
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32779 (CVSS 8.6, HIGH)
    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter ...
    Affected products: envoy
    • EPSS score: 0.04%
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32778 (CVSS 7.5, HIGH)
    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large numbe...
    Affected products: envoy
    • EPSS score: 0.07%
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32777 (CVSS 8.6, HIGH)
    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value he...
    Affected products: envoy
    • EPSS score: 0.02%
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32776 (CVSS 8.8, HIGH)
    Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0....
    Affected products: itop
    • EPSS score: 0.14%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32775 (CVSS 7.7, HIGH)
    Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0....
    Affected products: itop
    • EPSS score: 0.29%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32774 (CVSS 6.1, MEDIUM)
    DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patche...
    Affected products: datadump
    • EPSS score: 0.18%
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32773 (CVSS 7.5, HIGH)
    Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their ...
    Affected products: racket
    • EPSS score: 0.29%
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32772 (CVSS 8.8, HIGH)
    Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast info...
    Affected products: poddycast
    • EPSS score: 0.87%
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-32771 (CVSS 8.1, HIGH)
    Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vuln...
    Affected products: contiki-ng
    • EPSS score: 0.69%
    • Published: Aug. 04, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-32770 (CVSS 7.5, HIGH)
    Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentica...
    Affected products: gatsby, gatsby-source-wordpress
    • EPSS score: 0.24%
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results
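The Envoy entry CVE-2021-32779 above describes a '#fragment' being treated as part of the path while an RBAC filter matches on that path. The following is an added illustration of why that disagreement matters, written here for this page; it is not Envoy's code, and the deny rules, request-targets and helper names are constructed. It evaluates the same rules once on the raw request-target and once after the fragment is stripped, and shows what a typical upstream would serve.

```python
"""Added example (not Envoy's code): path-based deny rules evaluated on a raw
request-target versus a fragment-stripped one. Rules and requests are constructed."""


def strip_fragment(request_target: str) -> str:
    """Return the request-target without its '#fragment'.

    Browsers never transmit fragments, but a hand-crafted client can, and most
    upstream servers ignore them. An authorizer that matches on the raw string
    and an upstream that ignores the fragment therefore disagree about which
    resource is being requested.
    """
    return request_target.split("#", 1)[0]


def match_path(request_target: str) -> str:
    """Path as a naive matcher sees it: everything before the first '?'."""
    return request_target.split("?", 1)[0]


# Constructed deny rules in the shape a path-based RBAC policy commonly uses:
# an exact match for the resource itself and a prefix match for its subtree.
DENY_EXACT = {"/admin"}
DENY_PREFIX = ("/admin/",)


def path_is_denied(path: str) -> bool:
    return path in DENY_EXACT or any(path.startswith(p) for p in DENY_PREFIX)


def authorize(request_target: str, strip_fragments: bool) -> bool:
    """True if the request passes the deny rules.

    strip_fragments=False matches on the raw target (the vulnerable behaviour);
    strip_fragments=True normalizes before any rule is consulted.
    """
    target = strip_fragment(request_target) if strip_fragments else request_target
    return not path_is_denied(match_path(target))


def upstream_resource(request_target: str) -> str:
    """What a typical upstream serves: the fragment and query play no part."""
    return match_path(strip_fragment(request_target)) or "/"


def bypass_demo() -> dict:
    # Constructed requests: the second differs from the first only by '#/'.
    plain = "/admin"
    crafted = "/admin#/"
    return {
        "plain_raw": authorize(plain, strip_fragments=False),          # False: denied
        "crafted_raw": authorize(crafted, strip_fragments=False),      # True: bypass
        "crafted_normalized": authorize(crafted, strip_fragments=True),  # False: denied
        "crafted_upstream_sees": upstream_resource(crafted),           # "/admin"
    }


if __name__ == "__main__":
    for name, value in bypass_demo().items():
        print(f"{name}: {value}")
```

The point the example makes is that normalization has to happen before authorization, not after: once the matcher and the origin server derive different paths from the same bytes, any rule written against the origin's view can be sidestepped. The same reasoning applies to any proxy-side allow/deny layer, not only Envoy's RBAC filter.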
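The mod_auth_openidc entry CVE-2021-32786 cuts off at `oidc_validate_redirect_url()`; the function name alone places the bug in redirect-target validation. As an added illustration of what such a check has to reject, and not the module's own code, here is an allow-list validator for a post-login or post-logout redirect target. The allowed hostnames and the probe inputs are constructed for this example; nothing here is taken from the advisory.

```python
"""Added example (not mod_auth_openidc's code): allow-list validation of a
redirect target, rejecting the inputs that commonly slip past naive checks.
Hostnames are constructed."""
from urllib.parse import urlsplit

# Constructed allow-list of hosts this relying party may send the browser to.
ALLOWED_HOSTS = frozenset({"app.example", "sso.example"})


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a same-origin absolute path ('/x') or an http(s) URL whose
    host is allow-listed and which carries no embedded credentials."""
    if not target or target != target.strip():
        return False  # empty, or leading/trailing whitespace a browser would drop
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False  # control characters: header injection, parser confusion
    if "\\" in target:
        return False  # browsers treat '/\host' like '//host'; URL parsers do not
    parts = urlsplit(target)
    if parts.scheme:
        if parts.scheme not in ("http", "https"):
            return False  # javascript:, data:, custom schemes
        if parts.username is not None or parts.password is not None:
            return False  # 'https://app.example@evil.example/' lands on evil.example
        return (parts.hostname or "").lower() in allowed_hosts
    # No scheme: must be a path on this origin, never a scheme-relative URL.
    if parts.netloc or target.startswith("//"):
        return False  # '//evil.example' and '///evil.example' both resolve off-site
    return target.startswith("/")


def check_batch(targets):
    """Evaluate several candidate targets; handy for a regression table."""
    return {t: is_safe_redirect(t) for t in targets}


if __name__ == "__main__":
    probes = [
        "/account",
        "https://app.example/home",
        "https://APP.EXAMPLE:8443/home",
        "//evil.example/",
        "///evil.example",
        "/\\evil.example",
        "https://app.example@evil.example/",
        "http:evil.example",
        "javascript:alert(1)",
        " /account",
    ]
    for target, ok in check_batch(probes).items():
        print(f"{'allow' if ok else 'reject':6}  {target!r}")
```

Two design choices are worth calling out. Relative targets are accepted only when they begin with exactly one '/', because "//" and "///" are resolved by browsers as scheme-relative URLs even though `urlsplit` reports an empty netloc for the three-slash form. Absolute targets are compared by parsed hostname rather than by string prefix, which is what defeats the `allowed@evil` and scheme-only `http:evil.example` shapes.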