Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-31555

    An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.20
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31554

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.12
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31553

    An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and funct... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.73
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31552

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.11
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31551

    An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.31
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31550

    An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.28
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-31549

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.24
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31548

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.13
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-31547

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.23
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-31546

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.15
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-31545

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.20
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31542

    In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.... Read more

    Affected Products : fedora debian_linux django
    • EPSS Score: %5.44
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-31540

    Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application serv... Read more

    Affected Products : streaming_engine
    • EPSS Score: %0.04
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31539

    Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.... Read more

    Affected Products : streaming_engine
    • EPSS Score: %0.02
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31538

    LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal.... Read more

    Affected Products : lcos_fx uf-160 uf-260 uf-500 uf-60 uf-910
    • EPSS Score: %0.42
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31537

    SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).... Read more

    Affected Products : sis-rewe_go
    • EPSS Score: %72.05
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31535

    LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests wi... Read more

    Affected Products : fedora libx11 x_window_system
    • EPSS Score: %2.60
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-31532

    NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocume... Read more

    • EPSS Score: %0.06
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-31525

    net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.... Read more

    Affected Products : fedora go
    • EPSS Score: %0.01
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31523

    The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics l... Read more

    Affected Products : xscreensaver
    • EPSS Score: %0.04
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292319 Results