Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2021-26540

    Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe elemen...

    Affected Products : sanitize-html
    • EPSS Score: %0.29
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-26539

    Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.

    Affected Products : sanitize-html
    • EPSS Score: %0.29
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-26530

    The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

    Affected Products : mongoose
    • EPSS Score: %0.33
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-26529

    The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

    Affected Products : mongoose
    • EPSS Score: %0.33
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-26528

    The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

    Affected Products : mongoose
    • EPSS Score: %0.33
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26505

    Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.

    Affected Products : hello.js
    • EPSS Score: %1.26
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-26504

    Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js.

    Affected Products : huemagic
    • EPSS Score: %0.51
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26476

    EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.

    Affected Products : eprints
    • EPSS Score: %2.87
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-26475

    EPrints 3.4.2 exposes a reflected XSS opportunity via a cgi/cal URI.

    Affected Products : eprints
    • EPSS Score: %60.55
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-26474

    Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery. (Other products or versions of products in this family may be affected too.)

    Affected Products : bdr_suite offsite_dr
    • EPSS Score: %0.23
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26473

    In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by ...

    Affected Products : bdr_suite offsite_dr
    • EPSS Score: %0.74
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-26472

    In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.

    Affected Products : windows bdr_suite offsite_dr
    • EPSS Score: %9.97
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26471

    In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.

    Affected Products : bdr_suite offsite_dr
    • EPSS Score: %7.30
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26461

    Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote co...

    Affected Products : nuttx
    • EPSS Score: %2.05
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-26444

    Azure RTOS Information Disclosure Vulnerability

    Affected Products : azure_real_time_operating_system
    • EPSS Score: %1.05
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    CRITICAL
    CVE-2021-26443

    Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability

    • EPSS Score: %0.55
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26442

    Windows HTTP.sys Elevation of Privilege Vulnerability

    • EPSS Score: %0.61
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-26441

    Storage Spaces Controller Elevation of Privilege Vulnerability

    • EPSS Score: %0.35
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2021-26439

    Microsoft Edge for Android Information Disclosure Vulnerability

    Affected Products : android edge
    • EPSS Score: %6.59
    • Published: Sep. 02, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-26437

    Visual Studio Code Spoofing Vulnerability

    Affected Products : visual_studio_code
    • EPSS Score: %1.51
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291531 Results