Skip to main content
CVE-2021-3141 HIGH This Week

In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Stealth
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27656 HIGH PATCH This Week

A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Exacqvision Web Service
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-27306 HIGH This Week

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kong Gateway
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-28667 HIGH PATCH This Week

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Stackstorm
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-1287 HIGH This Week

A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Stack Overflow Denial Of Service +2
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-24142 HIGH This Week

Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi 301 Redirects
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-24141 HIGH This Week

Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Advanced Database Cleaner
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-24140 HIGH This Week

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Ajax Load More
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-21623 MEDIUM PATCH This Month

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Matrix Authorization Strategy
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20675 MEDIUM This Month

M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Dl8 A Firmware Dl8 B Firmware Dl8 C Firmware Dl8 D Firmware +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-20631 MEDIUM This Month

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-20626 MEDIUM This Month

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-20624 MEDIUM This Month

Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-27436 MEDIUM This Month

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webaccess Scada
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-28796 MEDIUM PATCH This Month

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Qiita
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20629 MEDIUM This Month

Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Office
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20628 MEDIUM This Month

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft XSS Office
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20627 MEDIUM This Month

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Office
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3416 MEDIUM PATCH This Month

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-28145 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-25764 MEDIUM This Month

In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phpstorm
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-28133 MEDIUM This Month

Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Zoom
NVD
CVSS 3.1
4.3
EPSS
16.3%
CVE-2021-21626 MEDIUM PATCH This Month

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Warnings Next Generation
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21625 MEDIUM PATCH This Month

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Cloudbees Aws Credentials
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-21624 MEDIUM PATCH This Month

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Role Based Authorization Strategy
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20676 MEDIUM This Month

M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dl8 A Firmware Dl8 B Firmware Dl8 C Firmware Dl8 D Firmware +1
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20634 MEDIUM This Month

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20633 MEDIUM This Month

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20632 MEDIUM This Month

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20630 MEDIUM This Month

Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20625 MEDIUM This Month

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy