Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2021-21434

    Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x ... Read more

    Affected Products : survey
    • EPSS Score: %0.31
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-21433

    Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2... Read more

    Affected Products : discord-recon discord-recon
    • EPSS Score: %5.47
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-21432

    Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc... Read more

    Affected Products : vela server
    • EPSS Score: %0.30
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-21431

    sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may h... Read more

    Affected Products : channelmgnt
    • EPSS Score: %0.10
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2021-21430

    OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files ... Read more

    Affected Products : openapi_generator
    • EPSS Score: %0.16
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-21429

    OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave ap... Read more

    Affected Products : openapi_generator
    • EPSS Score: %0.05
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2021-21428

    Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.cre... Read more

    Affected Products : openapi_generator
    • EPSS Score: %0.05
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-21427

    Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-... Read more

    Affected Products : magento
    • EPSS Score: %0.64
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21426

    Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 an... Read more

    Affected Products : magento
    • EPSS Score: %0.40
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21425

    Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Pa... Read more

    Affected Products : grav-plugin-admin grav_admin
    • EPSS Score: %89.00
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-21424

    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempti... Read more

    Affected Products : fedora symfony
    • EPSS Score: %0.21
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-21423

    `projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen's `... Read more

    Affected Products : projen
    • EPSS Score: %0.67
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-21422

    mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a ro... Read more

    Affected Products : mongo-express
    • EPSS Score: %1.09
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-21421

    node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.... Read more

    Affected Products : node-etsy-client
    • EPSS Score: %0.52
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-21420

    vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerabili... Read more

    Affected Products : stripe
    • EPSS Score: %0.20
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-21419

    Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in ver... Read more

    Affected Products : fedora eventlet
    • EPSS Score: %0.10
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-21418

    ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1... Read more

    Affected Products : ps_emailsubscription
    • EPSS Score: %0.26
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-21417

    fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.... Read more

    Affected Products : debian_linux fluidsynth
    • EPSS Score: %0.53
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2021-21416

    django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account regist... Read more

    Affected Products : django-registration
    • EPSS Score: %0.19
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-21415

    Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Se... Read more

    Affected Products : language-tools
    • EPSS Score: %2.12
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290997 Results