Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2021-23391

    This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.... Read more

    Affected Products : calipso
    • EPSS Score: %0.09
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23390

    The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.... Read more

    Affected Products : total4
    • EPSS Score: %1.31
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23389

    The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.... Read more

    Affected Products : total.js
    • EPSS Score: %5.34
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-23388

    The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.... Read more

    Affected Products : forms
    • EPSS Score: %0.37
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23387

    The package trailing-slash before 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::createTr... Read more

    Affected Products : trailing-slash
    • EPSS Score: %0.26
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-23386

    This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain n... Read more

    Affected Products : dns-packet
    • EPSS Score: %0.58
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23385

    This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as ... Read more

    Affected Products : flask-security
    • EPSS Score: %0.15
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-23384

    The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index... Read more

    Affected Products : koa-remove-trailing-slashes
    • EPSS Score: %0.21
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23383

    The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.... Read more

    • EPSS Score: %6.34
    • Published: May. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23382

    The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).... Read more

    Affected Products : postcss
    • EPSS Score: %0.07
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23381

    This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.... Read more

    Affected Products : killing
    • EPSS Score: %0.81
    • Published: Apr. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23380

    This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child... Read more

    Affected Products : roar-pidusage
    • EPSS Score: %0.50
    • Published: Apr. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23379

    This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.... Read more

    Affected Products : portkiller
    • EPSS Score: %0.81
    • Published: Apr. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23378

    This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.... Read more

    Affected Products : picotts
    • EPSS Score: %0.61
    • Published: Apr. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23377

    This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input saniti... Read more

    Affected Products : onion-oled-js
    • EPSS Score: %0.61
    • Published: Apr. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23376

    This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanit... Read more

    Affected Products : ffmpegdotjs
    • EPSS Score: %0.61
    • Published: Apr. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23375

    This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.... Read more

    Affected Products : psnode
    • EPSS Score: %0.81
    • Published: Apr. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23374

    This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitizatio... Read more

    Affected Products : ps-visitor
    • EPSS Score: %0.81
    • Published: Apr. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23373

    All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality.... Read more

    Affected Products : set-deep-prop
    • EPSS Score: %0.39
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23372

    All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.... Read more

    Affected Products : mongo-express
    • EPSS Score: %0.31
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292212 Results