Latest CVE Feed
- 7.6 HIGH CVE-2021-29489
  Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code...
  - Affected Products: cloud_backup, oncommand_insight, oncommand_workflow_automation, snapcenter, highcharts
  - EPSS Score: 0.23%
  - Published: May. 05, 2021
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-29488
  SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released...
  - EPSS Score: 0.32%
  - Published: May. 07, 2021
  - Modified: Nov. 21, 2024
- 7.4 HIGH CVE-2021-29487
  octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerab...
  - Affected Products: october
  - EPSS Score: 0.50%
  - Published: Aug. 26, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-29486
  cumulative-distribution-function is an open source npm library which calculates the statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0, apps using this library on improper data may crash or go into an infi...
  - Affected Products: cumulative-distribution-function
  - EPSS Score: 0.66%
  - Published: Apr. 30, 2021
  - Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2021-29485
  Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's ...
  - Affected Products: ratpack
  - EPSS Score: 2.48%
  - Published: Jun. 29, 2021
  - Modified: Nov. 21, 2024
- 6.8 MEDIUM CVE-2021-29484
  Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Us...
  - Affected Products: ghost
  - EPSS Score: 82.00%
  - Published: Apr. 29, 2021
  - Modified: Nov. 21, 2024
- 9.4 CRITICAL CVE-2021-29483
  ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c...
  - Affected Products: managewiki
  - EPSS Score: 0.44%
  - Published: Apr. 28, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-29482
  xz is a compression and decompression library focusing on the xz format, completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. ...
  - Affected Products: xz
  - EPSS Score: 0.44%
  - Published: Apr. 28, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-29481
  Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the ses...
  - Affected Products: ratpack
  - EPSS Score: 0.07%
  - Published: Jun. 29, 2021
  - Modified: Nov. 21, 2024
- 4.4 MEDIUM CVE-2021-29480
  Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is no...
  - Affected Products: ratpack
  - EPSS Score: 0.09%
  - Published: Jun. 29, 2021
  - Modified: Nov. 21, 2024
- 7.0 HIGH CVE-2021-29479
  Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` ...
  - Affected Products: ratpack
  - EPSS Score: 0.22%
  - Published: Jun. 29, 2021
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-29478
  Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code executi...
  - EPSS Score: 0.66%
  - Published: May. 04, 2021
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-29477
  Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potenti...
  - EPSS Score: 2.22%
  - Published: May. 04, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-29476
  Requests is an HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0....
  - Affected Products: requests
  - EPSS Score: 2.22%
  - Published: Apr. 27, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-29475
  HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, therefore t...
  - Affected Products: hedgedoc
  - EPSS Score: 0.26%
  - Published: Apr. 26, 2021
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2021-29474
  HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path trave...
  - Affected Products: hedgedoc
  - EPSS Score: 0.39%
  - Published: Apr. 26, 2021
  - Modified: Nov. 21, 2024
- 2.6 LOW CVE-2021-29473
  Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading,...
  - EPSS Score: 0.14%
  - Published: Apr. 26, 2021
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-29472
  Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is ...
  - EPSS Score: 3.87%
  - Published: Apr. 27, 2021
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-29471
  Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will matc...
  - EPSS Score: 0.61%
  - Published: May. 11, 2021
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-29470
  Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to wri...
  - EPSS Score: 0.19%
  - Published: Apr. 23, 2021
  - Modified: Nov. 21, 2024