Skip to main content
CVE-2021-23341 HIGH POC PATCH This Week

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Prism
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-23340 HIGH POC PATCH This Week

This affects the package pimcore/pimcore before 6.8.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Pimcore
NVD GitHub
CVSS 3.1
7.1
EPSS
1.3%
CVE-2021-20443 HIGH PATCH This Week

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo For Civil Infrastructure
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-27379 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26712 HIGH PATCH This Week

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Asterisk Certified Asterisk
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-26717 HIGH PATCH This Week

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-20354 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy