Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-23960

    Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.42
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23959

    An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox ... Read more

    Affected Products : firefox
    • EPSS Score: %0.30
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-23958

    The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.... Read more

    Affected Products : firefox
    • EPSS Score: %0.32
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2021-23957

    Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.... Read more

    Affected Products : firefox
    • EPSS Score: %0.29
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-23956

    An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.... Read more

    Affected Products : firefox
    • EPSS Score: %0.28
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23955

    The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.... Read more

    Affected Products : firefox
    • EPSS Score: %0.24
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-23954

    Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ES... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.30
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-23953

    If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.38
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-23937

    A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered ... Read more

    Affected Products : wicket
    • EPSS Score: %6.87
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23936

    OX App Suite through 7.10.4 allows XSS via the subject of a task.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23935

    OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23934

    OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23933

    OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23932

    OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23931

    OX App Suite through 7.10.4 allows XSS via an inline binary file.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23930

    OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23929

    OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-23928

    OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.17
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-23927

    OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.13
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-23926

    The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.... Read more

    • EPSS Score: %0.32
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292759 Results