Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-29433

    Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource e... Read more

    Affected Products : sydent
    • EPSS Score: %0.28
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-29432

    Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.... Read more

    Affected Products : sydent
    • EPSS Score: %0.25
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-29431

    Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it mig... Read more

    Affected Products : sydent
    • EPSS Score: %0.30
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29430

    Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also doe... Read more

    Affected Products : sydent
    • EPSS Score: %1.37
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29429

    In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed ... Read more

    Affected Products : gradle quarkus
    • EPSS Score: %0.03
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29428

    In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from ... Read more

    Affected Products : gradle quarkus
    • EPSS Score: %0.06
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-29427

    In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories a... Read more

    Affected Products : gradle quarkus
    • EPSS Score: %0.56
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-29425

    In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not f... Read more

    • EPSS Score: %0.26
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29424

    The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.... Read more

    Affected Products : fedora \
    • EPSS Score: %0.08
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29421

    models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.... Read more

    Affected Products : fedora pikepdf
    • EPSS Score: %0.37
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-29418

    The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue... Read more

    Affected Products : netmask
    • EPSS Score: %0.02
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29417

    gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal.... Read more

    Affected Products : gitjacker
    • EPSS Score: %5.34
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-29416

    An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems ... Read more

    Affected Products : burp_suite
    • EPSS Score: %0.31
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29415

    The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the p... Read more

    Affected Products : nrf52840_firmware nrf52840
    • EPSS Score: %0.08
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-29414

    STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.... Read more

    • EPSS Score: %0.15
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-29400

    A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious t... Read more

    Affected Products : my_smtp_contact
    • EPSS Score: %0.11
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-29399

    XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.... Read more

    Affected Products : php xmb
    • EPSS Score: %0.40
    • Published: Apr. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-29398

    Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of th... Read more

    Affected Products : northstar_club_management
    • EPSS Score: %1.11
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29397

    Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.... Read more

    Affected Products : northstar_club_management
    • EPSS Score: %0.18
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29396

    Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.... Read more

    Affected Products : northstar_club_management
    • EPSS Score: %1.40
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291570 Results