Skip to main content
CVE-2021-27582 CRITICAL POC PATCH Act Now

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Java Connect
NVD GitHub
CVSS 3.1
9.1
EPSS
2.2%
CVE-2021-26594 HIGH POC This Week

In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Directus
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-3410 HIGH POC This Week

A flaw was found in libcaca v0.99.beta19. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libcaca Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-26593 HIGH POC This Week

{id}. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-3252 HIGH POC This Week

KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Xp100U Firmware
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-20247 HIGH POC This Week

A flaw was found in mbsync before v1.3.5 and v1.4.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mbsync Extra Packages For Enterprise Linux Debian Linux Fedora
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2021-26926 HIGH POC PATCH This Week

A flaw was found in jasper before 2.0.25. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Jasper Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
1.2%
CVE-2021-3405 MEDIUM POC This Month

A flaw was found in libebml before 1.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libebml Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-27568 MEDIUM POC PATCH This Month

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Json Smart V1 Json Smart V2 Communications Cloud Native Core Policy Oss Support Tools +3
NVD GitHub
CVSS 3.1
5.9
EPSS
2.9%
CVE-2021-26927 MEDIUM POC PATCH This Month

A flaw was found in jasper before 2.0.25. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-27550 MEDIUM POC This Month

Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Polaris Office
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2021-23827 MEDIUM POC This Month

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft Information Disclosure Keybase
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-27583 MEDIUM POC This Month

In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-26595 MEDIUM POC This Month

In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Directus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-20182 HIGH PATCH This Week

A privilege escalation flaw was found in openshift4/ose-docker-builder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation Path Traversal Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-22112 HIGH PATCH This Week

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Spring Security Communications Element Manager Communications Interactive Session Recorder +4
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2021-20198 HIGH PATCH This Week

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Openshift Installer
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2021-20194 HIGH PATCH This Week

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26677 HIGH This Week

A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27579 HIGH This Week

Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Snow Inventory Agent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-22651 HIGH PATCH This Week

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Keyshot Keyshot Network Rendering Keyshot Viewer Keyvr +2
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2021-20226 HIGH This Week

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Memory Corruption Denial Of Service Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25630 HIGH This Week

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Online
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22649 HIGH This Week

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Keyshot Keyshot Network Rendering Keyshot Viewer +3
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-22647 HIGH This Week

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Keyshot Keyshot Network Rendering +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-22645 HIGH This Week

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keyshot Keyshot Network Rendering Keyshot Viewer Keyvr +2
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-22643 HIGH This Week

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Keyshot Keyshot Network Rendering +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-22882 HIGH This Week

UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Denial Of Service Unifi Protect Controller
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20230 HIGH PATCH This Week

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Stunnel
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-26680 HIGH This Week

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26679 HIGH This Week

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26684 HIGH This Week

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26683 HIGH This Week

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26681 HIGH This Week

A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-20252 MEDIUM This Month

A flaw was found in Red Hat 3scale API Management Platform 2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat 3Scale Api Management
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-26686 MEDIUM This Month

A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-26685 MEDIUM This Month

A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-26682 MEDIUM This Month

A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-26678 MEDIUM This Month

A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-27189 MEDIUM PATCH This Month

The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apple Information Disclosure Canadian Shield
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-3407 MEDIUM This Month

A flaw was found in mupdf 1.18.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mupdf Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
50.2%
CVE-2021-21323 MEDIUM PATCH This Month

Brave is an open source web browser with a focus on privacy and security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Brave
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-20256 MEDIUM This Month

A flaw was found in Red Hat Satellite. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Satellite
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2021-22113 MEDIUM PATCH This Month

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Cloud Netflix Zuul
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20220 MEDIUM PATCH This Month

A flaw was found in Undertow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Request Smuggling XSS Undertow Active Iq Unified Manager Oncommand Workflow Automation
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-20229 MEDIUM This Month

A flaw was found in PostgreSQL in versions before 13.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy