Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2021-29485

    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's ... Read more

    Affected Products : ratpack
    • EPSS Score: %2.48
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-29484

    Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Us... Read more

    Affected Products : ghost
    • EPSS Score: %82.00
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2021-29483

    ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c... Read more

    Affected Products : managewiki
    • EPSS Score: %0.44
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29482

    xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. ... Read more

    Affected Products : xz
    • EPSS Score: %0.44
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29481

    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the ses... Read more

    Affected Products : ratpack
    • EPSS Score: %0.07
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-29480

    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is no... Read more

    Affected Products : ratpack
    • EPSS Score: %0.09
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2021-29479

    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` ... Read more

    Affected Products : ratpack
    • EPSS Score: %0.22
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29478

    Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code executi... Read more

    Affected Products : fedora redis redis
    • EPSS Score: %0.66
    • Published: May. 04, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29477

    Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potenti... Read more

    Affected Products : fedora redis redis
    • EPSS Score: %2.22
    • Published: May. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29476

    Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.... Read more

    Affected Products : requests
    • EPSS Score: %2.22
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-29475

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore t... Read more

    Affected Products : hedgedoc
    • EPSS Score: %0.26
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-29474

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path trave... Read more

    Affected Products : hedgedoc
    • EPSS Score: %0.39
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2021-29473

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading,... Read more

    Affected Products : fedora debian_linux exiv2
    • EPSS Score: %0.14
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29472

    Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is ... Read more

    Affected Products : fedora debian_linux composer
    • EPSS Score: %3.87
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-29471

    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will matc... Read more

    Affected Products : fedora synapse
    • EPSS Score: %0.61
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-29470

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to wri... Read more

    Affected Products : fedora exiv2
    • EPSS Score: %0.19
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29469

    Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issu... Read more

    Affected Products : redis redis
    • EPSS Score: %0.62
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29468

    Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed whil... Read more

    Affected Products : git git
    • EPSS Score: %0.54
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-29467

    Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1.... Read more

    Affected Products : wrongthink
    • EPSS Score: %0.18
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29466

    Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file... Read more

    • EPSS Score: %0.70
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results