Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.6

    HIGH
    CVE-2021-25748

    A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` o...

    Affected Products : ingress-nginx
    • EPSS Score: 0.04%
    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2021-25746

    A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx co...

    Affected Products : ingress-nginx
    • EPSS Score: 0.31%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-25745

    A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of t...

    Affected Products : ingress-nginx
    • EPSS Score: 0.19%
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2021-25742

    A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster....

    Affected Products : trident ingress-nginx
    • EPSS Score: 0.63%
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-25741

    A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem....

    Affected Products : kubernetes
    • EPSS Score: 29.52%
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024
  • 3.5

    LOW
    CVE-2021-25740

    A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack....

    Affected Products : kubernetes
    • EPSS Score: 0.54%
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024
  • 6.7

    MEDIUM
    CVE-2021-25738

    Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution....

    Affected Products : java
    • EPSS Score: 0.27%
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-25737

    A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not perfor...

    Affected Products : kubernetes
    • EPSS Score: 0.55%
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-25735

    A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at ...

    Affected Products : kubernetes
    • EPSS Score: 20.80%
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-25701

    The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service....

    Affected Products : pcoip_client
    • EPSS Score: 0.05%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25699

    The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a...

    Affected Products : pcoip_client
    • EPSS Score: 0.06%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25698

    The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a ...

    Affected Products : pcoip_standard_agent pcoip_client
    • EPSS Score: 0.06%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25695

    The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver....

    Affected Products : pcoip
    • EPSS Score: 0.06%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-25694

    Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere....

    Affected Products : pcoip_graphics_agent
    • EPSS Score: 0.06%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-25693

    An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference....

    Affected Products : pcoip_agent
    • EPSS Score: 0.39%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • 4.6

    MEDIUM
    CVE-2021-25692

    Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3....

    • EPSS Score: 0.03%
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-25690

    A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software....

    Affected Products : pcoip_soft_client
    • EPSS Score: 0.39%
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-25689

    An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code....

    Affected Products : pcoip_soft_client
    • EPSS Score: 1.02%
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-25688

    Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs....

    • EPSS Score: 0.05%
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-25684

    It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO....

    Affected Products : apport
    • EPSS Score: 0.06%
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024