Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2021-25764

    In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.

    Affected Products : phpstorm
    • EPSS Score: %0.00
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-25763

    In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

    Affected Products : ktor
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-25762

    In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.

    Affected Products : ktor
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-25761

    In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.

    Affected Products : ktor
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-25760

    In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.

    Affected Products : hub
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-25759

    In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.

    Affected Products : hub
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25758

    In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.

    Affected Products : intellij_idea
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-25757

    In JetBrains Hub before 2020.1.12629, an open redirect was possible.

    Affected Products : hub
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2021-25756

    In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.

    Affected Products : intellij_idea
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 2.5

    LOW
    CVE-2021-25755

    In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.

    Affected Products : code_with_me
    • EPSS Score: %0.00
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25749

    Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

    Affected Products : kubernetes
    • EPSS Score: %0.03
    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2021-25748

    A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` o...

    Affected Products : ingress-nginx
    • EPSS Score: %0.04
    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2021-25746

    A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx co...

    Affected Products : ingress-nginx
    • EPSS Score: %0.31
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-25745

    A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of t...

    Affected Products : ingress-nginx
    • EPSS Score: %0.19
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2021-25742

    A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

    Affected Products : trident ingress-nginx
    • EPSS Score: %0.63
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-25741

    A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

    Affected Products : kubernetes
    • EPSS Score: %29.52
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024
  • 3.5

    LOW
    CVE-2021-25740

    A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

    Affected Products : kubernetes
    • EPSS Score: %0.54
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024
  • 6.7

    MEDIUM
    CVE-2021-25738

    Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

    Affected Products : java
    • EPSS Score: %0.27
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-25737

    A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not perfor...

    Affected Products : kubernetes
    • EPSS Score: %0.55
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-25735

    A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at ...

    Affected Products : kubernetes
    • EPSS Score: %20.80
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024