Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-23339

    This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.... Read more

    Affected Products : http_server akka-http
    • EPSS Score: %0.21
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-23338

    This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.... Read more

    Affected Products : qlib
    • EPSS Score: %5.10
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-23337

    Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.... Read more

    • EPSS Score: %0.55
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-23336

    The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called... Read more

    • EPSS Score: %0.41
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23335

    All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.... Read more

    Affected Products : is-user-valid
    • EPSS Score: %0.25
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-23331

    This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between ... Read more

    • EPSS Score: %0.04
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23330

    All versions of package launchpad are vulnerable to Command Injection via stop.... Read more

    Affected Products : launchpad
    • EPSS Score: %12.89
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23329

    The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.... Read more

    Affected Products : nested-object-assign
    • EPSS Score: %0.33
    • Published: Jan. 31, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-23328

    This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.... Read more

    Affected Products : iniparserjs
    • EPSS Score: %0.28
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2021-23327

    The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.... Read more

    Affected Products : apexcharts
    • EPSS Score: %1.86
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-23326

    This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.... Read more

    Affected Products : graphql-tools
    • EPSS Score: %1.50
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-23288

    The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Powe... Read more

    Affected Products : intelligent_power_protector
    • EPSS Score: %0.06
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-23287

    The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70.... Read more

    Affected Products : intelligent_power_manager
    • EPSS Score: %0.36
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-23286

    Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.... Read more

    Affected Products : intelligent_power_manager
    • EPSS Score: %0.10
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-23285

    Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrast... Read more

    Affected Products : intelligent_power_manager
    • EPSS Score: %0.21
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-23284

    Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastruc... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-23283

    Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP soft... Read more

    Affected Products : intelligent_power_protector
    • EPSS Score: %0.20
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-23281

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a speci... Read more

    Affected Products : intelligent_power_manager
    • EPSS Score: %0.58
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-23280

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious... Read more

    • EPSS Score: %0.12
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-23279

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacke... Read more

    • EPSS Score: %0.91
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290940 Results