Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-22951

    Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.31
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22950

    Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"... Read more

    Affected Products : concrete_cms
    • EPSS Score: %0.10
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-22949

    A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"... Read more

    Affected Products : concrete_cms
    • EPSS Score: %0.09
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-22948

    Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a ... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.54
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-22947

    When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush... Read more

    • EPSS Score: %0.09
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22946

    A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requi... Read more

    • EPSS Score: %0.07
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-22944

    A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protec... Read more

    Affected Products : unifi_protect
    • EPSS Score: %0.15
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-22943

    A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protec... Read more

    Affected Products : unifi_protect
    • EPSS Score: %0.12
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-22942

    A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.... Read more

    Affected Products : rails actionpack
    • EPSS Score: %0.54
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22940

    Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.... Read more

    • EPSS Score: %0.35
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-22939

    If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.... Read more

    • EPSS Score: %0.14
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-22938

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.... Read more

    Affected Products : pulse_connect_secure connect_secure
    • EPSS Score: %3.92
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-22937

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.... Read more

    Affected Products : pulse_connect_secure connect_secure
    • EPSS Score: %7.48
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-22936

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.... Read more

    Affected Products : pulse_connect_secure connect_secure
    • EPSS Score: %0.12
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-22935

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.... Read more

    Affected Products : pulse_connect_secure connect_secure
    • EPSS Score: %3.92
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-22934

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.... Read more

    Affected Products : pulse_connect_secure connect_secure
    • EPSS Score: %4.38
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-22933

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.... Read more

    Affected Products : pulse_connect_secure connect_secure
    • EPSS Score: %6.31
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-22932

    An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue i... Read more

    Affected Products : sharefile_storagezones_controller
    • EPSS Score: %0.08
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22931

    Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (... Read more

    • EPSS Score: %0.74
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22930

    Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.... Read more

    • EPSS Score: %0.36
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292725 Results