Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2021-21393

    Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the ...

    Affected Products : fedora synapse
    • EPSS Score: 0.55%
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2021-21392

    Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to exter...

    Affected Products : fedora synapse
    • EPSS Score: 0.20%
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-21391

    CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widge...

    • EPSS Score: 1.35%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-21390

    MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies...

    Affected Products : minio
    • EPSS Score: 0.26%
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2021-21389

    BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpo...

    Affected Products : buddypress
    • EPSS Score: 93.54%
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-21388

    systeminformation is an open source system and OS information library for Node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please...

    Affected Products : systeminformation
    • EPSS Score: 0.62%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-21387

    Wrongthink is a peer-to-peer, end-to-end encrypted messenger built with PeerJS and the Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was discl...

    Affected Products : wrongthink
    • EPSS Score: 0.06%
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-21386

    APKLeaks is an open-source project for scanning APK files for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via the package name inside the application manifest. An attacker could include arguments tha...

    Affected Products : apkleaks
    • EPSS Score: 1.05%
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-21385

    Mifos-Mobile Android Application for MifosX is an Android application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed ce...

    Affected Products : mifos-mobile
    • EPSS Score: 0.19%
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-21384

    shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For...

    Affected Products : windows shescape unix
    • EPSS Score: 0.16%
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2021-21383

    Wiki.js is an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during con...

    Affected Products : wiki.js
    • EPSS Score: 0.26%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-21382

    Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration...

    Affected Products : restund
    • EPSS Score: 0.33%
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-21381

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain ac...

    Affected Products : fedora debian_linux flatpak
    • EPSS Score: 0.12%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-21380

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service exposes an API to perform SQL request...

    Affected Products : xwiki
    • EPSS Score: 2.90%
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024
  • 7.7

    HIGH
    CVE-2021-21379

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` macro executes the content with the rights of the wiki macro author instead of the caller...

    Affected Products : xwiki
    • EPSS Score: 0.44%
    • Published: Mar. 12, 2021
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-21378

    Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configure...

    Affected Products : envoy
    • EPSS Score: 0.23%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-21377

    OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to...

    Affected Products : omero.web
    • EPSS Score: 0.31%
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-21376

    OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclien...

    Affected Products : omero.web
    • EPSS Score: 0.42%
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-21375

    PJSIP is a free and open source multimedia communication library written in the C language implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183...

    Affected Products : debian_linux pjsip
    • EPSS Score: 2.31%
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2021-21374

    Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default s...

    Affected Products : nim
    • EPSS Score: 0.27%
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290997 Results