Skip to main content
CVE-2020-27575 HIGH POC This Week

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rumpus
NVD VulDB
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-27574 HIGH POC This Week

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rumpus
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21327 HIGH POC This Week

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-21362 MEDIUM POC PATCH This Month

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Minio
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21324 MEDIUM POC PATCH This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21337 MEDIUM POC PATCH This Month

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Products Pluggableauthservice
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
8.4%
CVE-2021-21354 MEDIUM POC PATCH This Month

Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Mozilla Open Redirect Pollbot
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-21335 CRITICAL PATCH Act Now

In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Nginx Authentication Bypass Spnego Http Authentication Module
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-21329 CRITICAL PATCH Act Now

RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ratcf
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-21506 HIGH This Week

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-21503 HIGH This Week

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26788 HIGH PATCH This Week

Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cyclonetcp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-21336 MEDIUM PATCH This Month

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Products Pluggableauthservice Plone
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-21326 MEDIUM This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21510 MEDIUM This Month

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Code Injection Idrac8 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-27576 MEDIUM This Month

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rumpus
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27222 MEDIUM This Month

In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Time In Status
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-23351 MEDIUM PATCH This Month

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Go Proxyproto Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-21325 MEDIUM This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-22134 MEDIUM PATCH This Month

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy