Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-31420

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vuln... Read more

    Affected Products : parallels_desktop
    • EPSS Score: %0.10
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31419

    This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploi... Read more

    Affected Products : parallels_desktop
    • EPSS Score: %0.09
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31418

    This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploi... Read more

    Affected Products : parallels_desktop
    • EPSS Score: %0.09
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31417

    This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploi... Read more

    Affected Products : parallels_desktop
    • EPSS Score: %0.08
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31414

    The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.... Read more

    Affected Products : rpm_spec
    • EPSS Score: %2.48
    • Published: Apr. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-31412

    Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and... Read more

    Affected Products : vaadin flow flow-server
    • EPSS Score: %0.94
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31411

    Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.... Read more

    Affected Products : vaadin flow flow-server
    • EPSS Score: %0.05
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-31410

    Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.... Read more

    Affected Products : designer
    • EPSS Score: %0.28
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31409

    Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email ad... Read more

    Affected Products : vaadin
    • EPSS Score: %0.56
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-31408

    Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local... Read more

    Affected Products : vaadin flow
    • EPSS Score: %0.11
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-31407

    Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP req... Read more

    Affected Products : vaadin flow flow-server
    • EPSS Score: %1.80
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-31406

    Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security... Read more

    Affected Products : vaadin flow flow-server
    • EPSS Score: %0.05
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31405

    Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consu... Read more

    Affected Products : vaadin flow
    • EPSS Score: %0.47
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-31404

    Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), ... Read more

    Affected Products : vaadin flow flow-server
    • EPSS Score: %0.05
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-31403

    Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token v... Read more

    Affected Products : vaadin
    • EPSS Score: %0.13
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31402

    The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.... Read more

    Affected Products : dio
    • EPSS Score: %0.35
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31401

    An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs wh... Read more

    • EPSS Score: %0.71
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31400

    An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's... Read more

    Affected Products : nichestack
    • EPSS Score: %0.41
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-31386

    A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 1... Read more

    Affected Products : junos
    • EPSS Score: %0.15
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-31385

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Network... Read more

    Affected Products : junos
    • EPSS Score: %0.71
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292495 Results