Skip to main content
CVE-2021-26753 CRITICAL POC Act Now

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Nedi
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2021-26752 HIGH POC This Week

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nedi
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-26751 HIGH POC This Week

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nedi
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-27197 HIGH POC This Week

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Digital Sentry Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-22504 CRITICAL Act Now

Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Operations Bridge Manager
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-27205 MEDIUM POC This Month

Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Telegram
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-27204 MEDIUM POC This Month

Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Telegram
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-27190 MEDIUM POC PATCH This Month

A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Peel Shopping
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-20651 CRITICAL Act Now

Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Manager
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2021-22978 HIGH This Week

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2021-20411 HIGH PATCH This Week

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Information Queue
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-22980 HIGH This Week

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Access Policy Manager Clients Big Ip Access Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22977 HIGH This Week

On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22985 HIGH This Week

On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22976 HIGH This Week

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22975 HIGH This Week

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-22974 HIGH This Week

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +12
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-22973 HIGH This Week

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20412 HIGH PATCH This Week

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Verify Information Queue
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20409 HIGH PATCH This Week

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Information Queue
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20407 HIGH PATCH This Week

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Information Queue
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-27188 HIGH This Week

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fx Aggregator Terminal Client
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-27187 HIGH This Week

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fx Aggregator Terminal Client
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-20643 HIGH This Week

Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ld Ps U1 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-22982 HIGH This Week

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Big Ip Domain Name System Big Ip Global Traffic Manager
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-20648 MEDIUM This Month

ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc 300Febk S Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-20640 MEDIUM This Month

Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Lan W300N Pgrb Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-20639 MEDIUM This Month

LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Lan W300N Pgrb Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-20638 MEDIUM This Month

LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Lan W300N Pgrb Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-20650 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ncc Ewf100Rmwh2 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20647 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wrc 300Febk S Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20646 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wrc 300Febk A Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20642 MEDIUM This Month

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lan W300N Rs Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20641 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lan W300N Rs Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20637 MEDIUM This Month

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lan W300N Pr5B Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20636 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lan W300N Pr5B Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20635 MEDIUM This Month

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lan Wh450N Gr Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22984 MEDIUM This Month

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-22979 MEDIUM This Month

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20644 MEDIUM This Month

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wrc 1467Ghbk A Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20408 MEDIUM PATCH This Month

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Security Verify Information Queue
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-22983 MEDIUM This Month

On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20645 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc 300Febk A Firmware
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20410 MEDIUM PATCH This Month

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Verify Information Queue
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-20406 MEDIUM PATCH This Month

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Verify Information Queue
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-22981 MEDIUM This Month

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20649 MEDIUM This Month

ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Wrc 300Febk S Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy