Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    CRITICAL
    CVE-2021-29665

    IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.... Read more

    Affected Products : security_verify_access
    • EPSS Score: %0.68
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-29663

    CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS p... Read more

    • EPSS Score: %0.20
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29662

    The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.... Read more

    Affected Products : snapcenter \
    • EPSS Score: %0.36
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29661

    Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated use... Read more

    Affected Products : opc_toolbox
    • EPSS Score: %0.32
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29660

    A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.... Read more

    Affected Products : opc_toolbox
    • EPSS Score: %0.14
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29658

    The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.... Read more

    Affected Products : vscode-rufo
    • EPSS Score: %0.48
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-29657

    arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29656

    Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.... Read more

    Affected Products : infinity_connect
    • EPSS Score: %0.22
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29655

    Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute.... Read more

    Affected Products : infinity_connect
    • EPSS Score: %0.19
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-29654

    AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.... Read more

    Affected Products : ajaxsearchpro
    • EPSS Score: %1.89
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29653

    HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.... Read more

    Affected Products : vault
    • EPSS Score: %0.10
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-29652

    Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process... Read more

    Affected Products : pomerium
    • EPSS Score: %0.18
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-29651

    Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2).... Read more

    Affected Products : pomerium
    • EPSS Score: %0.20
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29650

    An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignmen... Read more

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.02
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29649

    An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.... Read more

    Affected Products : linux_kernel fedora
    • EPSS Score: %0.07
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29648

    An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unex... Read more

    Affected Products : linux_kernel fedora
    • EPSS Score: %0.05
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29647

    An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.... Read more

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.09
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29646

    An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.... Read more

    Affected Products : linux_kernel fedora
    • EPSS Score: %0.08
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-29645

    Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on ... Read more

    • EPSS Score: %0.04
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-29644

    Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the ... Read more

    • EPSS Score: %2.62
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results