Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.4

MEDIUM

CVE-2021-28380

The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account....

Affected Products : aimeos
EPSS Score: %0.27

Published: Mar. 16, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin....

Affected Products : vesta_control_panel myvesta
EPSS Score: %3.29

Published: Mar. 15, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-28378

Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations....

Affected Products : gitea
EPSS Score: %12.92

Published: Mar. 15, 2021

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2021-28377

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files....

Affected Products : chronoforums
EPSS Score: %46.12

Published: Jan. 12, 2022

Modified: Nov. 21, 2024
4.0

MEDIUM

CVE-2021-28376

ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files....

Affected Products : chronoforums
EPSS Score: %0.14

Published: Jan. 12, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-28375

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308....

Affected Products : linux_kernel fedora solidfire_baseboard_management_controller_firmware cloud_backup
EPSS Score: %0.11

Published: Mar. 15, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-28374

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configura...

Affected Products : debian_linux courier-authlib
EPSS Score: %0.24

Published: Mar. 15, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-28373

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly d...

Affected Products : tiny_tiny_rss
EPSS Score: %0.15

Published: Mar. 13, 2021

Modified: Nov. 21, 2024
8.3

HIGH

CVE-2021-28372

ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them int...

Affected Products : kalay_p2p_software_development_kit
EPSS Score: %0.92

Published: Aug. 17, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-28363

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of t...

Affected Products : fedora peoplesoft_enterprise_peopletools urllib3 urllib3
EPSS Score: %0.11

Published: Mar. 15, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-28362

An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extensi...

Affected Products : contiki contiki-os
EPSS Score: %0.35

Published: Mar. 24, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-28361

An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference....

Affected Products : storage_performance_development_kit
EPSS Score: %0.34

Published: Mar. 13, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-28359

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-20...

Affected Products : airflow
EPSS Score: %6.09

Published: May. 02, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-28358

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %11.97

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-28357

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %12.16

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-28356

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %9.54

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-28355

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %12.16

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-28354

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %12.16

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-28353

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %12.16

Published: Apr. 13, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-28352

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %11.97

Published: Apr. 13, 2021

Modified: Nov. 21, 2024

Showing 20 of 291750 Results

Latest CVE Feed

5.4

8.8

5.4

5.3

4.0

7.8

7.5

7.5

8.3

6.5

7.5

7.5

6.1

8.8

8.8

8.8

8.8

8.8

8.8

8.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable