Latest CVE Feed
- CVE-2021-29507 (6.5, MEDIUM)
  GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which a...
  - EPSS Score: 0.26%
  - Published: May. 28, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29506 (6.5, MEDIUM)
  GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request...
  - Affected Products: graphhopper
  - EPSS Score: 0.38%
  - Published: May. 13, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29504 (9.1, CRITICAL)
  WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on ...
  - Affected Products: wp-cli
  - EPSS Score: 0.85%
  - Published: Jun. 07, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29503 (8.1, HIGH)
  HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata sect...
  - Affected Products: hedgedoc
  - EPSS Score: 1.89%
  - Published: May. 19, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29502 (7.3, HIGH)
  WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not properly sanitized. The problem has been patched in versio...
  - Affected Products: warnsystem
  - EPSS Score: 0.38%
  - Published: May. 10, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29501 (8.1, HIGH)
  Ticketer is a command-based ticket system cog (plugin) for the Red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround...
  - Affected Products: dav-cogs
  - EPSS Score: 0.36%
  - Published: May. 10, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29500 (7.5, HIGH)
  bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to for...
  - Affected Products: bubble_fireworks
  - EPSS Score: 0.11%
  - Published: Jun. 04, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29499 (7.5, HIGH)
  SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used ...
  - Affected Products: singularity_image_format
  - EPSS Score: 0.32%
  - Published: May. 07, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29495 (7.5, HIGH)
  Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "ver...
  - Affected Products: nim
  - EPSS Score: 0.08%
  - Published: May. 07, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29493 (8.8, HIGH)
  Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to versio...
  - Affected Products: kennnyshiwa-cogs
  - EPSS Score: 0.32%
  - Published: May. 06, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29492 (8.3, HIGH)
  Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to b...
  - Affected Products: envoy
  - EPSS Score: 7.42%
  - Published: May. 28, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29490 (5.8, MEDIUM)
  Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Versions prior to 10.7.3 are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This i...
  - Affected Products: jellyfin
  - EPSS Score: 89.48%
  - Published: May. 06, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29489 (7.6, HIGH)
  Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code...
  - Affected Products: cloud_backup, oncommand_insight, oncommand_workflow_automation, snapcenter, highcharts
  - EPSS Score: 0.23%
  - Published: May. 05, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29488 (5.3, MEDIUM)
  SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released...
  - EPSS Score: 0.32%
  - Published: May. 07, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29487 (7.4, HIGH)
  octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerab...
  - Affected Products: october
  - EPSS Score: 0.50%
  - Published: Aug. 26, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29486 (7.5, HIGH)
  cumulative-distribution-function is an open source npm library which calculates a statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0, apps using this library on improper data may crash or go into an infi...
  - Affected Products: cumulative-distribution-function
  - EPSS Score: 0.66%
  - Published: Apr. 30, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29485 (9.9, CRITICAL)
  Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's ...
  - Affected Products: ratpack
  - EPSS Score: 2.48%
  - Published: Jun. 29, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29484 (6.8, MEDIUM)
  Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Us...
  - Affected Products: ghost
  - EPSS Score: 82.00%
  - Published: Apr. 29, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29483 (9.4, CRITICAL)
  ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c...
  - Affected Products: managewiki
  - EPSS Score: 0.44%
  - Published: Apr. 28, 2021
  - Modified: Nov. 21, 2024
- CVE-2021-29482 (7.5, HIGH)
  xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. ...
  - Affected Products: xz
  - EPSS Score: 0.44%
  - Published: Apr. 28, 2021
  - Modified: Nov. 21, 2024