Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-22175

    When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registr... Read more

    Affected Products : gitlab
    • EPSS Score: %35.72
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22174

    Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : fedora wireshark zfs_storage_appliance
    • EPSS Score: %1.08
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22173

    Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : fedora wireshark zfs_storage_appliance
    • EPSS Score: %0.95
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-22172

    Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page... Read more

    Affected Products : gitlab
    • EPSS Score: %0.26
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-22171

    Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link... Read more

    Affected Products : gitlab
    • EPSS Score: %0.12
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22170

    Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content... Read more

    Affected Products : gitlab
    • EPSS Score: %0.07
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-22169

    An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.20
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22168

    A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.17
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22167

    An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository... Read more

    Affected Products : gitlab
    • EPSS Score: %0.25
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22166

    An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method... Read more

    Affected Products : gitlab
    • EPSS Score: %0.15
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22161

    In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a desti... Read more

    Affected Products : openwrt
    • EPSS Score: %0.11
    • Published: Feb. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22160

    If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instance... Read more

    Affected Products : pulsar
    • EPSS Score: %18.53
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-22159

    Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3... Read more

    Affected Products : insider_threat_management
    • EPSS Score: %0.03
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-22158

    The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to success... Read more

    Affected Products : insider_threat_management
    • EPSS Score: %0.21
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-22157

    Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.... Read more

    Affected Products : insider_threat_management
    • EPSS Score: %0.32
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-22155

    An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context o... Read more

    Affected Products : workspaces_server workspaces
    • EPSS Score: %0.37
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-22154

    An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history.... Read more

    • EPSS Score: %0.24
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-22153

    A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the vic... Read more

    • EPSS Score: %0.65
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-22152

    A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connect... Read more

    • EPSS Score: %0.05
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-22151

    It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.... Read more

    Affected Products : kibana
    • EPSS Score: %0.80
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291570 Results