Skip to main content
CVE-2021-25265 HIGH PATCH This Week

A malicious website could execute code remotely in Sophos Connect Client before version 2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Sophos Information Disclosure Connect
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-28956 HIGH PATCH This Week

The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Sass Lint
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-22314 HIGH This Week

There is a local privilege escalation vulnerability in some versions of ManageOne. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Manageone
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22320 HIGH This Week

There is a denial of service vulnerability in Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Ips Module Firmware Ngfw Module Firmware Nip6600 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-26578 HIGH This Week

A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Network Orchestrator
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22309 HIGH This Week

There is insecure algorithm vulnerability in Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Usg9500 Firmware Usg9520 Firmware Usg9560 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-28148 HIGH This Week

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Denial Of Service Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-22311 HIGH This Week

There is an improper permission assignment vulnerability in Huawei ManageOne product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Manageone
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-26070 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Data Center Jira Jira Server
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-27962 HIGH This Week

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy