Skip to main content
CVE-2021-27878 HIGH POC KEV THREAT Act Now

An issue was discovered in Veritas Backup Exec before 21.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backup Exec
NVD
CVSS 3.1
8.8
EPSS
24.0%
CVE-2021-27876 HIGH POC KEV THREAT Act Now

An issue was discovered in Veritas Backup Exec before 21.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backup Exec
NVD
CVSS 3.1
8.1
EPSS
13.4%
CVE-2021-26704 HIGH POC PATCH This Week

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-25829 HIGH POC This Week

An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Document Server
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2021-25122 HIGH PATCH This Week

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Apache Information Disclosure Debian Linux Agile Plm +9
NVD
CVSS 3.1
7.5
EPSS
18.1%
CVE-2021-21517 HIGH This Week

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Emc Srs Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-25329 HIGH PATCH This Week

The fix for CVE-2020-9484 was incomplete. Rated high severity (CVSS 7.0).

Tomcat Apache Information Disclosure Debian Linux Agile Plm +9
NVD
CVSS 3.1
7.0
EPSS
9.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy