Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2021-29511

    evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, ma...

    Affected Products: evm
    • EPSS Score: 0.38%
    • Published: May. 12, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29510

    Pydantic is a data validation and settings management library using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU...

    Affected Products: fedora pydantic
    • EPSS Score: 0.07%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29509

    Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connect...

    Affected Products: debian_linux puma
    • EPSS Score: 0.16%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-29508

    Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer, e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing...

    Affected Products: wire wire
    • EPSS Score: 0.45%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-29507

    GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing special characters could cause a vulnerable component to crash. All the applications which a...

    Affected Products: diagnostic_log_and_trace dlt-daemon
    • EPSS Score: 0.26%
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-29506

    GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request...

    Affected Products: graphhopper
    • EPSS Score: 0.38%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-29504

    WP-CLI is the command-line interface for WordPress. Improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on ...

    Affected Products: wp-cli
    • EPSS Score: 0.85%
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-29503

    HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata sect...

    Affected Products: hedgedoc
    • EPSS Score: 1.89%
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2021-29502

    WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not properly sanitized. The problem has been patched in versio...

    Affected Products: warnsystem
    • EPSS Score: 0.38%
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-29501

    Ticketer is a command-based ticket system cog (plugin) for the Red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround...

    Affected Products: dav-cogs
    • EPSS Score: 0.36%
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29500

    bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to for...

    Affected Products: bubble_fireworks
    • EPSS Score: 0.11%
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29499

    SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used ...

    Affected Products: singularity_image_format
    • EPSS Score: 0.32%
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29495

    Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "ver...

    Affected Products: nim
    • EPSS Score: 0.08%
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-29493

    Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to versio...

    Affected Products: kennnyshiwa-cogs
    • EPSS Score: 0.32%
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024
  • 8.3

    HIGH
    CVE-2021-29492

    Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to b...

    Affected Products: envoy
    • EPSS Score: 7.42%
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-29490

    Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Versions prior to 10.7.3 are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This i...

    Affected Products: jellyfin
    • EPSS Score: 89.48%
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2021-29489

    Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code...

    • EPSS Score: 0.23%
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-29488

    SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released...

    Affected Products: linux_kernel macos windows sabnzbd
    • EPSS Score: 0.32%
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2021-29487

    octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerab...

    Affected Products: october
    • EPSS Score: 0.50%
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-29486

    cumulative-distribution-function is an open source npm library which calculates a statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infi...

    Affected Products: cumulative-distribution-function
    • EPSS Score: 0.66%
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024