Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-26923

    An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.... Read more

    • EPSS Score: %0.54
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26921

    In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.... Read more

    • EPSS Score: %0.24
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26920

    In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges ... Read more

    Affected Products : druid
    • EPSS Score: %3.84
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26919

    Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, ... Read more

    Affected Products : druid
    • EPSS Score: %82.39
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26918

    The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows doub... Read more

    Affected Products : bot
    • EPSS Score: %0.78
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26917

    PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these scre... Read more

    Affected Products : pybitmessage
    • EPSS Score: %0.08
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26916

    In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.... Read more

    Affected Products : nopcommerce
    • EPSS Score: %0.22
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-26915

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.... Read more

    Affected Products : netmotion_mobility
    • EPSS Score: %34.16
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-26914

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.... Read more

    Affected Products : netmotion_mobility
    • EPSS Score: %64.44
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-26913

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.... Read more

    Affected Products : netmotion_mobility
    • EPSS Score: %35.43
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-26912

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.... Read more

    Affected Products : netmotion_mobility
    • EPSS Score: %35.43
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-26911

    core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.... Read more

    Affected Products : canary_mail mailcore2
    • EPSS Score: %0.28
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26910

    Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.... Read more

    Affected Products : debian_linux firejail
    • EPSS Score: %0.05
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-26909

    Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of th... Read more

    Affected Products : automox
    • EPSS Score: %0.20
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-26908

    Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox... Read more

    Affected Products : automox
    • EPSS Score: %0.05
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-26906

    An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP all... Read more

    Affected Products : asterisk certified_asterisk
    • EPSS Score: %0.51
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26905

    1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.... Read more

    Affected Products : scim_bridge
    • EPSS Score: %0.22
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26904

    LMA ISIDA Retriever 5.2 allows SQL Injection.... Read more

    Affected Products : retriever
    • EPSS Score: %0.73
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26903

    LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text'].... Read more

    Affected Products : retriever
    • EPSS Score: %0.44
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26902

    HEVC Video Extensions Remote Code Execution Vulnerability... Read more

    • EPSS Score: %4.41
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291601 Results