Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2021-21419 (CVSS 5.3, MEDIUM)

    Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames. A malicious peer may exhaust memory on the Eventlet side by sending a highly compressed data frame. A patch in ver...

    Affected Products: fedora eventlet
    • EPSS Score: 0.10%
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21418 (CVSS 5.4, MEDIUM)

    ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1...

    Affected Products: ps_emailsubscription
    • EPSS Score: 0.26%
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21417 (CVSS 7.2, HIGH)

    fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use-after-free was discovered in fluidsynth that can be triggered when loading an invalid SoundFont file....

    Affected Products: debian_linux fluidsynth
    • EPSS Score: 0.53%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21416 (CVSS 3.7, LOW)

    django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account regist...

    Affected Products: django-registration
    • EPSS Score: 0.19%
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21415 (CVSS 7.8, HIGH)

    Prisma VS Code is a VSCode extension for Prisma schema files. This is a Remote Code Execution vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Se...

    Affected Products: language-tools
    • EPSS Score: 2.12%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21414 (CVSS 7.7, HIGH)

    Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a ...

    Affected Products: prisma
    • EPSS Score: 1.90%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21413 (CVSS 9.6, CRITICAL)

    isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposedly secure isolates to the permissions of the main nodejs ...

    Affected Products: isolated-vm
    • EPSS Score: 0.14%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21412 (CVSS 8.8, HIGH)

    Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if the `decrypt: true` option is enabled). A PR with a patch has been submitted and has been released as of v0.4.0. By default the EGF parse functions do NOT...

    Affected Products: @thi.ng/egf
    • EPSS Score: 1.08%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21411 (CVSS 5.5, MEDIUM)

    OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag ...

    Affected Products: oauth2_proxy
    • EPSS Score: 0.31%
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21410 (CVSS 9.1, CRITICAL)

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (uncomp...

    Affected Products: contiki-ng
    • EPSS Score: 0.43%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21409 (CVSS 5.9, MEDIUM)

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability ...

    • EPSS Score: 4.98%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21408 (CVSS 8.8, HIGH)

    Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static PHP methods. Users should upgrade to version 3.1.43 or 4.0...

    Affected Products: fedora debian_linux smarty
    • EPSS Score: 0.36%
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-21407 (CVSS 8.0, HIGH)

    Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through the iTop portal via a tricky browser procedure. The vulnerability is patched in versions 2.7.4 and 3.0.0....

    Affected Products: itop
    • EPSS Score: 0.15%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21406 (CVSS 8.8, HIGH)

    Combodo iTop is an open source, web based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing the Graphviz executable path. The vulnerability is patched in versions 2.7.4 and 3.0...

    Affected Products: itop
    • EPSS Score: 0.58%
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21405 (CVSS 7.5, HIGH)

    Lotus is an implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses the blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized" and "compressed", meaning that BLS signatures can be p...

    Affected Products: lotus
    • EPSS Score: 0.17%
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21404 (CVSS 7.5, HIGH)

    Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for th...

    Affected Products: syncthing
    • EPSS Score: 0.92%
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21403 (CVSS 9.8, CRITICAL)

    In github.com/kongchuanhujiao/server before version 1.3.21 there is an Authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21....

    Affected Products: kongchuanhujiao
    • EPSS Score: 0.18%
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21402 (CVSS 7.7, HIGH)

    Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host O...

    Affected Products: jellyfin
    • EPSS Score: 92.17%
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21401 (CVSS 7.1, HIGH)

    Nanopb is a small code-size Protocol Buffers implementation in ANSI C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and t...

    Affected Products: nanopb
    • EPSS Score: 0.20%
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-21400 (CVSS 7.1, HIGH)

    wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used c...

    Affected Products: wire-webapp
    • EPSS Score: 0.42%
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291002 Results