Skip to main content
CVE-2021-25275 HIGH POC This Week

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25276 HIGH POC This Week

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Serv U
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2021-25765 HIGH This Week

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtrack
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-25758 HIGH This Week

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-25776 HIGH This Week

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-25769 HIGH This Week

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy