Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-29643

    PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a User Object in a connected Active Directory instance.... Read more

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.50
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-29642

    GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.... Read more

    Affected Products : gistpad
    • EPSS Score: %0.21
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-29641

    Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Ex... Read more

    Affected Products : directus directus
    • EPSS Score: %5.65
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29632

    In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrit... Read more

    Affected Products : freebsd
    • EPSS Score: %0.26
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-29631

    In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors w... Read more

    Affected Products : freebsd
    • EPSS Score: %0.05
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-29630

    In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before wri... Read more

    Affected Products : freebsd
    • EPSS Score: %1.08
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29629

    In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clien... Read more

    Affected Products : freebsd
    • EPSS Score: %0.49
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29628

    In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weak... Read more

    Affected Products : freebsd
    • EPSS Score: %0.19
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-29627

    In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional opera... Read more

    Affected Products : freebsd
    • EPSS Score: %1.05
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29626

    In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple pr... Read more

    Affected Products : freebsd
    • EPSS Score: %0.14
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29625

    Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only e... Read more

    Affected Products : adminer
    • EPSS Score: %69.25
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-29624

    fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. ... Read more

    Affected Products : fastify-csrf
    • EPSS Score: %0.25
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-29623

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for... Read more

    Affected Products : fedora exiv2
    • EPSS Score: %0.63
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-29622

    Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an... Read more

    Affected Products : prometheus
    • EPSS Score: %86.63
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-29620

    Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows... Read more

    Affected Products : service-api reportportal
    • EPSS Score: %0.96
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29619

    TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherryp... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.02
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29618

    TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherry... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.05
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29617

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this com... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.05
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-29616

    TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L39... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.02
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29615

    TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) ca... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.02
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results