Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2021-26943

    The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).... Read more

    Affected Products : ux360ca_bios ux360ca
    • EPSS Score: %5.60
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-26939

    An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem... Read more

    Affected Products : henriquedornas
    • EPSS Score: %0.32
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-26938

    A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17 is simply the PHP version running on this hosts... Read more

    Affected Products : henriquedornas
    • EPSS Score: %0.21
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26936

    The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.... Read more

    Affected Products : replaysorcery
    • EPSS Score: %0.03
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-26935

    In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.... Read more

    Affected Products : wowonder
    • EPSS Score: %0.58
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26934

    An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support stat... Read more

    Affected Products : linux_kernel fedora
    • EPSS Score: %0.13
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26933

    An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory befor... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.08
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26932

    An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the b... Read more

    • EPSS Score: %0.19
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26931

    An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests... Read more

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.15
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-26930

    An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encounter... Read more

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.11
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26929

    An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by p... Read more

    Affected Products : debian_linux groupware
    • EPSS Score: %2.96
    • Published: Feb. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-26928

    BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have bee... Read more

    Affected Products : bird
    • EPSS Score: %0.33
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26927

    A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.... Read more

    Affected Products : fedora jasper
    • EPSS Score: %0.07
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-26926

    A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.... Read more

    Affected Products : fedora jasper
    • EPSS Score: %0.10
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-26925

    Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.... Read more

    Affected Products : fedora webmail
    • EPSS Score: %0.26
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-26924

    An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.... Read more

    • EPSS Score: %0.24
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-26923

    An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.... Read more

    • EPSS Score: %0.54
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26921

    In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.... Read more

    • EPSS Score: %0.24
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-26920

    In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges ... Read more

    Affected Products : druid
    • EPSS Score: %3.84
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-26919

    Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, ... Read more

    Affected Products : druid
    • EPSS Score: %82.39
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results