Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-23425

    All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.... Read more

    Affected Products : trim-off-newlines
    • EPSS Score: %0.36
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23424

    This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.... Read more

    Affected Products : ansi-html
    • EPSS Score: %0.20
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23423

    This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output.... Read more

    Affected Products : bikeshed
    • EPSS Score: %0.35
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-23422

    This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.... Read more

    Affected Products : bikeshed
    • EPSS Score: %0.20
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23421

    All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.... Read more

    Affected Products : merge-change
    • EPSS Score: %0.53
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-23420

    This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.... Read more

    Affected Products : codeception
    • EPSS Score: %0.58
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23419

    This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.... Read more

    Affected Products : open-graph
    • EPSS Score: %0.43
    • Published: Aug. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23418

    The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.... Read more

    Affected Products : glances
    • EPSS Score: %0.38
    • Published: Jul. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23417

    All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.... Read more

    Affected Products : deepmergefn
    • EPSS Score: %0.53
    • Published: Jul. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23416

    This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.... Read more

    Affected Products : curly-bracket-parser
    • EPSS Score: %0.24
    • Published: Jul. 28, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23415

    This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.... Read more

    Affected Products : elfinder.aspnet
    • EPSS Score: %0.44
    • Published: Jul. 28, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-23414

    This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.... Read more

    Affected Products : fedora video.js video.js
    • EPSS Score: %0.07
    • Published: Jul. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-23413

    This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.... Read more

    Affected Products : jszip
    • EPSS Score: %0.24
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23412

    All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.... Read more

    Affected Products : gitlogplus
    • EPSS Score: %3.92
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23411

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.... Read more

    Affected Products : anchorme
    • EPSS Score: %0.30
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23409

    The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.... Read more

    Affected Products : go-proxyproto
    • EPSS Score: %0.91
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-23408

    This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload.... Read more

    Affected Products : graphhopper
    • EPSS Score: %0.25
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23407

    This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.... Read more

    Affected Products : elfinder.net.core
    • EPSS Score: %0.53
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23406

    This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maint... Read more

    Affected Products : pac-resolver
    • EPSS Score: %1.00
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-23405

    This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.... Read more

    Affected Products : pimcore
    • EPSS Score: %0.02
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290940 Results