Latest CVE Feed
- 5.9 MEDIUM CVE-2021-29445
  jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verificatio...
  Affected Products: jose-node-cjs-runtime
  - EPSS Score: 0.39%
  - Published: Apr. 16, 2021
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2021-29444
  jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification...
  Affected Products: jose-node-cjs-runtime
  - EPSS Score: 0.39%
  - Published: Apr. 16, 2021
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2021-29443
  jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if eithe...
  - EPSS Score: 0.32%
  - Published: Apr. 16, 2021
  - Modified: Nov. 21, 2024
- 8.6 HIGH CVE-2021-29442
  Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While...
  Affected Products: nacos
  - EPSS Score: 94.00%
  - Published: Apr. 27, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-29441
  Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce ...
  Affected Products: nacos
  - EPSS Score: 94.05%
  - Published: Apr. 27, 2021
  - Modified: Nov. 21, 2024
- 8.4 HIGH CVE-2021-29440
  Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code exec...
  Affected Products: grav
  - EPSS Score: 20.26%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2021-29439
  The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can...
  Affected Products: grav_admin
  - EPSS Score: 0.32%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2021-29438
  The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has be...
  Affected Products: nextcloud/dialogs
  - EPSS Score: 0.22%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024
- 8.0 HIGH CVE-2021-29437
  ScratchOAuth2 is an OAuth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch use...
  Affected Products: scratchoauth2
  - EPSS Score: 0.27%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2021-29436
  Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by ...
  Affected Products: time_tracker
  - EPSS Score: 0.22%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2021-29435
  trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trest...
  Affected Products: trestle-auth
  - EPSS Score: 0.14%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-29434
  Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user...
  - EPSS Score: 0.27%
  - Published: Apr. 19, 2021
  - Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2021-29433
  Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource e...
  Affected Products: sydent
  - EPSS Score: 0.28%
  - Published: Apr. 15, 2021
  - Modified: Nov. 21, 2024
- 5.7 MEDIUM CVE-2021-29432
  Sydent is a reference Matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d....
  Affected Products: sydent
  - EPSS Score: 0.25%
  - Published: Apr. 15, 2021
  - Modified: Nov. 21, 2024
- 7.7 HIGH CVE-2021-29431
  Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it mig...
  Affected Products: sydent
  - EPSS Score: 0.30%
  - Published: Apr. 15, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-29430
  Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also doe...
  Affected Products: sydent
  - EPSS Score: 1.37%
  - Published: Apr. 15, 2021
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-29429
  In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed ...
  - EPSS Score: 0.03%
  - Published: Apr. 12, 2021
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-29428
  In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from ...
  - EPSS Score: 0.06%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024
- 8.0 HIGH CVE-2021-29427
  In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories a...
  - EPSS Score: 0.56%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2021-29425
  In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not f...
  Affected Products: debian_linux, active_iq_unified_manager, weblogic_server, access_manager, communications_policy_management, agile_engineering_data_management, commerce_guided_search, communications_pricing_design_center, communications_cloud_native_core_network_repository_function, primavera_unifier, +50 more products
  - EPSS Score: 0.26%
  - Published: Apr. 13, 2021
  - Modified: Nov. 21, 2024