Skip to main content
CVE-2021-3325 CRITICAL POC PATCH Act Now

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Monitorix Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-22641 HIGH POC This Week

A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-3318 MEDIUM POC This Month

attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dzzoffice
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.8%
CVE-2021-25311 CRITICAL Act Now

condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Htcondor
NVD
CVSS 3.1
9.9
EPSS
3.2%
CVE-2021-3331 CRITICAL PATCH Act Now

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Winscp
NVD GitHub
CVSS 3.1
9.8
EPSS
7.4%
CVE-2021-3272 MEDIUM POC This Month

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jasper Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-26117 HIGH PATCH This Week

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Activemq Artemis Oncommand Workflow Automation +5
NVD VulDB
CVSS 3.1
7.5
EPSS
9.9%
CVE-2021-26276 MEDIUM POC PATCH This Month

scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Node Config Shield
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-36012 MEDIUM POC This Month

Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Multi Store
NVD VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-25312 HIGH This Week

HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Htcondor
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-22655 HIGH This Week

Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22653 HIGH This Week

Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22639 HIGH This Week

An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-22637 HIGH This Week

Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-25247 HIGH This Week

A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Housecall For Home Networks
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-26118 HIGH PATCH GHSA This Week

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Authentication Bypass Artemis Oncommand Workflow Automation
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-3326 HIGH PATCH This Week

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Glibc E Series Santricity Os Controller Ontap Select Deploy Administration Utility Communications Cloud Native Core Security Edge Protection Proxy +7
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-25226 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25225 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25224 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-20357 MEDIUM PATCH This Month

IBM Jazz Foundation products is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Insights Engineering Lifecycle Management +8
NVD
CVSS 3.1
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy