Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.4

    MEDIUM
    CVE-2021-25645

    An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb... Read more

    • EPSS Score: %0.05
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-25644

    An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in th... Read more

    Affected Products : couchbase_server
    • EPSS Score: %0.18
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-25643

    An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCr... Read more

    Affected Products : couchbase_server
    • EPSS Score: %0.16
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-25642

    ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users... Read more

    Affected Products : hadoop
    • EPSS Score: %0.44
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25641

    Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the... Read more

    Affected Products : dubbo
    • EPSS Score: %74.80
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-25640

    In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.... Read more

    Affected Products : dubbo
    • EPSS Score: %0.40
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-25636

    LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerabili... Read more

    Affected Products : fedora libreoffice
    • EPSS Score: %0.18
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-25634

    LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerabili... Read more

    Affected Products : debian_linux libreoffice
    • EPSS Score: %0.22
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-25633

    LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerabili... Read more

    Affected Products : debian_linux libreoffice
    • EPSS Score: %0.29
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-25631

    In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an exec... Read more

    Affected Products : libreoffice
    • EPSS Score: %1.32
    • Published: May. 03, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-25630

    "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In th... Read more

    Affected Products : online
    • EPSS Score: %0.04
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-25527

    Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.... Read more

    Affected Products : pay samsung_pay
    • EPSS Score: %0.06
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-25526

    Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.... Read more

    Affected Products : blockchain_wallet
    • EPSS Score: %0.05
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-25525

    Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.... Read more

    Affected Products : pay samsung_pay
    • EPSS Score: %0.10
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25524

    Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.... Read more

    Affected Products : contacts
    • EPSS Score: %0.06
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25523

    Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.... Read more

    Affected Products : dialer
    • EPSS Score: %0.06
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-25522

    Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.... Read more

    Affected Products : smart_capture
    • EPSS Score: %0.06
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25521

    Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.... Read more

    Affected Products : internet
    • EPSS Score: %0.06
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-25520

    Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.... Read more

    Affected Products : internet
    • EPSS Score: %0.45
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25519

    An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291570 Results