Skip to main content
CVE-2021-21513 CRITICAL POC Act Now

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Microsoft Authentication Bypass Openmanage Server Administrator
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2021-27885 HIGH POC PATCH This Week

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP E107
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.2%
CVE-2021-21321 CRITICAL PATCH Act Now

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Fastify Reply From
NVD GitHub
CVSS 3.1
10.0
EPSS
1.8%
CVE-2021-21322 CRITICAL PATCH Act Now

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Fastify Http Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-27730 CRITICAL Act Now

Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-27804 CRITICAL Act Now

JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libjxl
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-25309 CRITICAL Act Now

The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dx600A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-27886 CRITICAL PATCH Act Now

rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Docker Dashboard
NVD GitHub
CVSS 3.1
9.8
EPSS
45.6%
CVE-2021-25330 HIGH This Week

Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-25306 HIGH This Week

A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dx600A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27901 MEDIUM This Month

An issue was discovered on LG mobile devices with Android OS 11 software. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2021-27888 MEDIUM This Month

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zendto
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-27731 MEDIUM This Month

Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fta
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21255 MEDIUM PATCH This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2021-27904 MEDIUM PATCH This Month

An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-22296 MEDIUM This Month

A component of HarmonyOS 2.0 has a DoS vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21258 MEDIUM PATCH This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3384 MEDIUM This Month

A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stormshield Network Security
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-21514 MEDIUM This Month

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Openmanage Server Administrator
NVD
CVSS 3.1
4.9
EPSS
5.4%
CVE-2021-22187 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21320 MEDIUM PATCH This Month

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Matrix React Sdk
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-22294 LOW Monitor

A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy