Skip to main content
CVE-2021-27877 CRITICAL POC KEV THREAT Emergency

An issue was discovered in Veritas Backup Exec before 21.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backup Exec
NVD
CVSS 3.1
9.8
EPSS
64.9%
CVE-2021-27878 HIGH POC KEV THREAT Act Now

An issue was discovered in Veritas Backup Exec before 21.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backup Exec
NVD
CVSS 3.1
8.8
EPSS
24.0%
CVE-2021-27876 HIGH POC KEV THREAT Act Now

An issue was discovered in Veritas Backup Exec before 21.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backup Exec
NVD
CVSS 3.1
8.1
EPSS
13.4%
CVE-2021-3342 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-26703 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-26476 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-25914 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Denial Of Service Object Collider
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-25833 CRITICAL POC THREAT Act Now

A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
43.5%
CVE-2021-25832 CRITICAL POC THREAT Act Now

A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
12.6%
CVE-2021-25831 CRITICAL POC THREAT Act Now

A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
11.5%
CVE-2021-25830 CRITICAL POC THREAT Act Now

A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
11.8%
CVE-2021-26704 HIGH POC PATCH This Week

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-25829 HIGH POC This Week

An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Document Server
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2021-26702 MEDIUM POC PATCH This Month

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Eprints
NVD GitHub
CVSS 3.1
6.1
EPSS
3.1%
CVE-2021-26475 MEDIUM POC PATCH This Month

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Eprints
NVD GitHub
CVSS 3.1
6.1
EPSS
7.3%
CVE-2021-27318 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Doctor Appointment System
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-27317 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Doctor Appointment System
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-3332 MEDIUM POC This Month

WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wps Hide Login
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-25122 HIGH PATCH This Week

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Apache Information Disclosure Debian Linux Agile Plm +9
NVD
CVSS 3.1
7.5
EPSS
18.1%
CVE-2021-21517 HIGH This Week

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Emc Srs Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-25329 HIGH PATCH This Week

The fix for CVE-2020-9484 was incomplete. Rated high severity (CVSS 7.0).

Tomcat Apache Information Disclosure Debian Linux Agile Plm +9
NVD
CVSS 3.1
7.0
EPSS
9.5%
CVE-2021-21515 MEDIUM This Month

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Emc Sourceone
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-27225 MEDIUM This Month

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Data Science Studio
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22114 MEDIUM PATCH This Month

Addresses partial fix in CVE-2018-1263. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java Spring Integration Zip
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-27884 MEDIUM PATCH This Month

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Yapi
NVD GitHub
CVSS 3.1
5.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy