Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-32681

    Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the... Read more

    Affected Products : wagtail wagtail
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-32680

    Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is s... Read more

    Affected Products : fedora nextcloud_server notes
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32679

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into... Read more

    Affected Products : fedora nextcloud_server notes
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-32678

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` ... Read more

    Affected Products : fedora nextcloud_server notes
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-32677

    FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a... Read more

    Affected Products : fedora fastapi
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-32676

    Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-32675

    Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header)... Read more

    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32674

    Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python mod... Read more

    Affected Products : zope
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32673

    reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.... Read more

    Affected Products : reg-keygen-git-hash
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-32672

    Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Red... Read more

    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-32671

    Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or do... Read more

    Affected Products : flarum
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-32670

    Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/... Read more

    Affected Products : datasette
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-32669

    TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the ... Read more

    Affected Products : typo3
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-32668

    TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _Quer... Read more

    Affected Products : typo3
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-32667

    TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, correspond... Read more

    Affected Products : typo3
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-32666

    wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it cont... Read more

    Affected Products : wire
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-32665

    wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self u... Read more

    Affected Products : wire
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-32664

    Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.... Read more

    Affected Products : itop
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2021-32663

    iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and l... Read more

    Affected Products : itop
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-32662

    Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the envi... Read more

    Affected Products : backstage backstage
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results