Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-30506

    Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.... Read more

    Affected Products : android fedora chrome
    • EPSS Score: %0.31
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-30504

    In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.... Read more

    Affected Products : intellij_idea
    • EPSS Score: %0.00
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-30503

    The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration.... Read more

    Affected Products : glsl_linting
    • EPSS Score: %3.33
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-30502

    The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.... Read more

    Affected Products : simple_glasgow_haskell_compiler
    • EPSS Score: %3.96
    • Published: Apr. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-30499

    A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.... Read more

    Affected Products : fedora libcaca
    • EPSS Score: %0.10
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-30498

    A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.... Read more

    Affected Products : fedora libcaca
    • EPSS Score: %0.14
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-30497

    Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder,... Read more

    Affected Products : avalanche
    • EPSS Score: %93.20
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-30496

    The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFram... Read more

    Affected Products : telegram
    • EPSS Score: %0.40
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-30494

    Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used ... Read more

    Affected Products : synapse
    • EPSS Score: %0.05
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-30493

    Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used t... Read more

    Affected Products : synapse
    • EPSS Score: %0.05
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-30490

    upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.... Read more

    Affected Products : windows viewpower
    • EPSS Score: %0.03
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-30487

    In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.... Read more

    Affected Products : zulip_server
    • EPSS Score: %0.21
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-30486

    SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).... Read more

    Affected Products : sysaid
    • EPSS Score: %0.26
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-30485

    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.... Read more

    Affected Products : debian_linux ezxml
    • EPSS Score: %1.46
    • Published: Apr. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-30483

    isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.... Read more

    Affected Products : isomorphic-git
    • EPSS Score: %0.26
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-30482

    In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly... Read more

    Affected Products : upsource
    • EPSS Score: %0.00
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2021-30481

    Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.... Read more

    Affected Products : steam_client steam
    • EPSS Score: %10.98
    • Published: Apr. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-30480

    Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. ... Read more

    Affected Products : macos windows chat
    • EPSS Score: %13.21
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-30479

    An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the o... Read more

    Affected Products : zulip_server
    • EPSS Score: %0.20
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-30478

    An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, incl... Read more

    Affected Products : zulip_server
    • EPSS Score: %0.14
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291736 Results