Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-22928

    A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level o... Read more

    • EPSS Score: %0.05
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-22927

    A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.... Read more

    • EPSS Score: %0.30
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22926

    libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport,... Read more

    • EPSS Score: %0.60
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-22925

    curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made ... Read more

    • EPSS Score: %0.32
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-22923

    When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try ... Read more

    • EPSS Score: %0.07
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22922

    When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potent... Read more

    • EPSS Score: %0.16
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-22921

    Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to per... Read more

    • EPSS Score: %0.60
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22920

    A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploite... Read more

    • EPSS Score: %0.26
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22919

    A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploite... Read more

    • EPSS Score: %0.70
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-22918

    Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to ... Read more

    • EPSS Score: %0.74
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22917

    Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.... Read more

    Affected Products : browser brave
    • EPSS Score: %0.30
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-22916

    In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, result... Read more

    Affected Products : brave
    • EPSS Score: %0.28
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22915

    Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextclou... Read more

    Affected Products : fedora nextcloud_server
    • EPSS Score: %0.49
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22914

    Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to acces... Read more

    Affected Products : cloud_connector
    • EPSS Score: %0.32
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22913

    Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user... Read more

    Affected Products : deck nextcloud_server notes
    • EPSS Score: %0.65
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22912

    Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.... Read more

    Affected Products : nextcloud_server nextcloud notes
    • EPSS Score: %0.65
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22911

    A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.... Read more

    Affected Products : rocket.chat
    • EPSS Score: %92.33
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22910

    A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.... Read more

    Affected Products : rocket.chat
    • EPSS Score: %0.81
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2021-22909

    A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.... Read more

    • EPSS Score: %0.51
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-22908

    A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by defa... Read more

    Affected Products : pulse_connect_secure connect_secure
    • EPSS Score: %31.77
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292646 Results