Skip to main content
CVE-2021-26295 CRITICAL POC PATCH THREAT Act Now

Apache OFBiz has unsafe deserialization prior to 17.12.06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Apache Ofbiz
NVD
CVSS 3.1
9.8
EPSS
97.8%
CVE-2021-28955 CRITICAL PATCH Act Now

git-bug before 0.7.2 has an Uncontrolled Search Path Element. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git Bug
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-25265 HIGH PATCH This Week

A malicious website could execute code remotely in Sophos Connect Client before version 2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Sophos Information Disclosure Connect
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-27308 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 4images
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.2%
CVE-2021-28956 HIGH PATCH This Week

The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Sass Lint
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-22314 HIGH This Week

There is a local privilege escalation vulnerability in some versions of ManageOne. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Manageone
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22320 HIGH This Week

There is a denial of service vulnerability in Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Ips Module Firmware Ngfw Module Firmware Nip6600 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-26578 HIGH This Week

A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Network Orchestrator
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22309 HIGH This Week

There is insecure algorithm vulnerability in Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Usg9500 Firmware Usg9520 Firmware Usg9560 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-28148 HIGH This Week

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Denial Of Service Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-22311 HIGH This Week

There is an improper permission assignment vulnerability in Huawei ManageOne product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Manageone
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-26070 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Data Center Jira Jira Server
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-27962 HIGH This Week

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
2.1%
CVE-2021-28972 MEDIUM PATCH This Month

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Fedora Cloud Backup +2
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2021-25920 MEDIUM PATCH This Month

In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-28147 MEDIUM This Month

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-28146 MEDIUM This Month

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-25922 MEDIUM PATCH This Month

In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-28971 MEDIUM PATCH This Month

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Intel Denial Of Service Linux Kernel Fedora +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25921 MEDIUM PATCH This Month

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
91.1%
CVE-2021-28968 MEDIUM This Month

An issue was discovered in PunBB before 1.4.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Punbb
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22321 MEDIUM This Month

There is a use-after-free vulnerability in a Huawei product. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Nip6300 Firmware +13
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-28963 MEDIUM PATCH This Month

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Service Provider Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-26069 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2021-25919 MEDIUM PATCH This Month

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
69.9%
CVE-2021-25918 MEDIUM PATCH This Month

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-25917 MEDIUM PATCH This Month

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-28964 MEDIUM This Month

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Denial Of Service Race Condition Linux Kernel Fedora +5
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-22310 MEDIUM This Month

There is an information leakage vulnerability in some huawei products. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Nip6300 Firmware Nip6600 Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21438 MEDIUM This Month

Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Faq Otrs
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-21437 MEDIUM This Month

Agents are able to see linked Config Items without permissions, which are defined in General Catalog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Itsmconfigurationmanagement Otrscisincustomerfrontend
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-27596 LOW Monitor

When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
3.3
EPSS
0.7%
CVE-2021-27595 LOW Monitor

When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
3.3
EPSS
1.4%
CVE-2021-27594 LOW Monitor

When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
3.3
EPSS
0.6%
CVE-2021-27593 LOW Monitor

When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
3.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy