Skip to main content
CVE-2021-20617 CRITICAL POC Act Now

Improper access control vulnerability in acmailer ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Acmailer Acmailer Db
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-3138 HIGH POC This Week

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-20618 CRITICAL Act Now

Privilege chaining vulnerability in acmailer ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Acmailer Acmailer Db
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-23926 CRITICAL PATCH Act Now

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmlbeans Oncommand Unified Manager Core Package Snap Creator Framework Snapmanager +3
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2021-21261 HIGH PATCH This Week

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Google RCE Flatpak Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-24122 MEDIUM PATCH This Month

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Microsoft Information Disclosure Apache Debian Linux +1
NVD
CVSS 3.1
5.9
EPSS
22.9%
CVE-2021-22132 MEDIUM PATCH This Month

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Elastic Information Disclosure Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.8
EPSS
1.2%
CVE-2021-21722 MEDIUM This Month

A ZTE Smart STB is impacted by an information leak vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxv10 B860A Firmware
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy