Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-25948

    Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : expand-hash
    • EPSS Score: %2.95
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25947

    Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : nestie
    • EPSS Score: %2.54
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25946

    Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : nconf-toml
    • EPSS Score: %2.95
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25945

    Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : js-extend
    • EPSS Score: %2.54
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25944

    Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : deep-defaults
    • EPSS Score: %2.54
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-25940

    In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary act... Read more

    Affected Products : arangodb
    • EPSS Score: %0.27
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25939

    In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-priv... Read more

    Affected Products : arangodb
    • EPSS Score: %0.23
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-25938

    In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Head... Read more

    Affected Products : arangodb
    • EPSS Score: %0.24
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25935

    In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable... Read more

    Affected Products : opennms horizon meridian
    • EPSS Score: %0.26
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25934

    In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable... Read more

    Affected Products : opennms horizon meridian
    • EPSS Score: %0.28
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25932

    In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerab... Read more

    Affected Products : opennms meridian
    • EPSS Score: %0.26
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-25924

    In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or... Read more

    Affected Products : gocd
    • EPSS Score: %0.93
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-25923

    In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an acco... Read more

    Affected Products : openemr
    • EPSS Score: %0.06
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-25922

    In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.... Read more

    Affected Products : openemr
    • EPSS Score: %1.67
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25913

    Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : set-or-get
    • EPSS Score: %2.95
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25912

    Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : dotty
    • EPSS Score: %2.95
    • Published: Feb. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-25910

    Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.... Read more

    • EPSS Score: %0.07
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2021-25909

    ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.... Read more

    • EPSS Score: %0.42
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-25908

    An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.... Read more

    Affected Products : fil-ocl
    • EPSS Score: %0.33
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25907

    An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.... Read more

    Affected Products : containers
    • EPSS Score: %0.42
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291368 Results