Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2021-30493

    Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used t...

    Affected Products : synapse
    • EPSS Score: 0.05%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-30490

    upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.

    Affected Products : windows viewpower
    • EPSS Score: 0.03%
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024
  • 4.0

    MEDIUM
    CVE-2021-30487

    In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.

    Affected Products : zulip_server
    • EPSS Score: 0.21%
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-30486

    SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).

    Affected Products : sysaid
    • EPSS Score: 0.26%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-30485

    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.

    Affected Products : debian_linux ezxml
    • EPSS Score: 1.46%
    • Published: Apr. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-30483

    isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.

    Affected Products : isomorphic-git
    • EPSS Score: 0.26%
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-30482

    In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly.

    Affected Products : upsource
    • EPSS Score: 0.00%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    CRITICAL
    CVE-2021-30481

    Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.

    Affected Products : steam_client steam
    • EPSS Score: 10.98%
    • Published: Apr. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-30480

    Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. ...

    Affected Products : macos windows chat
    • EPSS Score: 13.21%
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-30479

    An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the o...

    Affected Products : zulip_server
    • EPSS Score: 0.20%
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-30478

    An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, incl...

    Affected Products : zulip_server
    • EPSS Score: 0.14%
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-30477

    An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not ...

    Affected Products : zulip_server
    • EPSS Score: 0.23%
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-30476

    HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.

    Affected Products : terraform_provider
    • EPSS Score: 0.61%
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-30475

    aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.

    Affected Products : fedora aomedia
    • EPSS Score: 0.21%
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-30474

    aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.

    Affected Products : aomedia
    • EPSS Score: 0.17%
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-30473

    aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.

    Affected Products : fedora aomedia
    • EPSS Score: 0.25%
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-30472

    A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of an improper check of the keyLength value.

    Affected Products : podofo
    • EPSS Score: 0.27%
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-30471

    A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

    Affected Products : enterprise_linux fedora podofo
    • EPSS Score: 0.04%
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-30470

    A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

    Affected Products : enterprise_linux fedora podofo
    • EPSS Score: 0.04%
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-30469

    A flaw was found in PoDoFo 0.9.7. A use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

    Affected Products : enterprise_linux fedora podofo
    • EPSS Score: 0.17%
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024