Latest CVE Feed

The following list shows the most recently published vulnerabilities. You can filter it by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort it by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-24129

    Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code...

    Affected Products : portfolio_post
    • EPSS Score: 0.16%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-24128

    Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML...

    Affected Products : team_members
    • EPSS Score: 0.25%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-24127

    Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation....

    • EPSS Score: 0.25%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-24126

    Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege...

    Affected Products : envira_gallery
    • EPSS Score: 0.16%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-24125

    Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)...

    Affected Products : contact_form_submissions
    • EPSS Score: 0.57%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-24124

    Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation....

    Affected Products : wp_shieldon
    • EPSS Score: 0.96%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-24123

    Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary file...

    Affected Products : powerpress
    • EPSS Score: 0.88%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2021-24122

    When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The r...

    Affected Products : debian_linux tomcat agile_plm
    • EPSS Score: 57.13%
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-24119

    In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in...

    Affected Products : fedora debian_linux mbed_tls
    • EPSS Score: 0.35%
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-24117

    In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running ...

    Affected Products : teaclave_sgx_sdk rust_sgx_sdk
    • EPSS Score: 0.64%
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-24116

    In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated e...

    Affected Products : wolfssl
    • EPSS Score: 0.38%
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-24115

    In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)....

    Affected Products : botan
    • EPSS Score: 0.71%
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-24114

    Microsoft Teams iOS Information Disclosure Vulnerability...

    Affected Products : teams
    • EPSS Score: 10.69%
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-24113

    Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability...

    Affected Products : edge_chromium
    • EPSS Score: 1.11%
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-24112

    .NET Core Remote Code Execution Vulnerability...

    Affected Products : .net_core visual_studio_2019 .net mono
    • EPSS Score: 0.76%
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    • EPSS Score: 17.99%
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-24110

    HEVC Video Extensions Remote Code Execution Vulnerability...

    • EPSS Score: 0.78%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2021-24109

    Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability...

    Affected Products : azure_kubernetes_service
    • EPSS Score: 4.29%
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-24108

    Microsoft Office Remote Code Execution Vulnerability...

    Affected Products : office 365_apps excel
    • EPSS Score: 0.95%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-24107

    Windows Event Tracing Information Disclosure Vulnerability...

    • EPSS Score: 0.49%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024