Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-32708

    Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The condi... Read more

    Affected Products : fedora flysystem
    • EPSS Score: %11.27
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-32707

    Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attri... Read more

    • EPSS Score: %0.64
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32706

    Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match filter allows a malicious character through that can be ... Read more

    Affected Products : pi-hole web_interface
    • EPSS Score: %59.44
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-32705

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens... Read more

    Affected Products : fedora nextcloud_server notes
    • EPSS Score: %0.54
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32704

    DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endp... Read more

    Affected Products : dhis_2
    • EPSS Score: %0.26
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-32703

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens.... Read more

    Affected Products : fedora nextcloud_server notes
    • EPSS Score: %0.53
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-32702

    The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query... Read more

    Affected Products : nextjs-auth0
    • EPSS Score: %0.58
    • Published: Jun. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-32701

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `f... Read more

    Affected Products : oathkeeper
    • EPSS Score: %0.31
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-32700

    Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of... Read more

    Affected Products : ballerina swan_lake
    • EPSS Score: %0.12
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-32699

    Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious... Read more

    Affected Products : wings
    • EPSS Score: %0.13
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-32698

    eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLa... Read more

    Affected Products : elabftw
    • EPSS Score: %0.26
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-32697

    neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means th... Read more

    Affected Products : form
    • EPSS Score: %0.40
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-32696

    The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `h... Read more

    Affected Products : striptags
    • EPSS Score: %0.29
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-32695

    Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim ... Read more

    Affected Products : nextcloud_server nextcloud notes
    • EPSS Score: %0.31
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-32694

    Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15... Read more

    Affected Products : nextcloud_server nextcloud notes
    • EPSS Score: %0.24
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32693

    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewal... Read more

    Affected Products : symfony
    • EPSS Score: %0.54
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-32692

    Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visit... Read more

    Affected Products : macos activitywatch
    • EPSS Score: %0.06
    • Published: Dec. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32691

    Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). ... Read more

    Affected Products : data-connector-rock
    • EPSS Score: %0.48
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-32690

    Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another do... Read more

    Affected Products : helm
    • EPSS Score: %0.12
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-32689

    Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. Th... Read more

    Affected Products : talk nextcloud_server notes
    • EPSS Score: %0.26
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results