Skip to main content
CVE-2021-21372 HIGH POC PATCH This Week

Nimble is a package manager for the Nim programming language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Nim
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2021-21389 HIGH POC PATCH THREAT This Week

BuddyPress is an open source WordPress plugin to build a community site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Buddypress
NVD GitHub
CVSS 3.1
8.8
EPSS
13.9%
CVE-2021-28249 HIGH POC This Week

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ehealth Performance Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-21374 HIGH POC PATCH This Week

Nimble is a package manager for the Nim programming language. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Nim
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-28250 HIGH POC This Week

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ehealth Performance Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28246 HIGH POC This Week

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ehealth
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-29255 HIGH POC This Week

MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mym71080I B Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-28248 HIGH POC This Week

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ehealth
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20285 MEDIUM POC This Month

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Upx
NVD GitHub
CVSS 3.1
6.6
EPSS
0.8%
CVE-2021-1629 MEDIUM POC This Month

Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Tableau Server
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-3275 MEDIUM POC This Month

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link XSS Td W9977 Firmware Tl Wa801Nd Firmware Tl Wa801N Firmware +2
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-21373 MEDIUM POC This Month

Nimble is a package manager for the Nim programming language. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Nim
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-21403 CRITICAL PATCH Act Now

In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kongchuanhujiao
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-1628 CRITICAL Act Now

MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Mule
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-1627 CRITICAL Act Now

MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mule
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-1626 CRITICAL Act Now

MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mule
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-20284 MEDIUM POC This Month

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils Cloud Backup Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-28247 MEDIUM POC This Month

CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ehealth Performance Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22180 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 13.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-22172 MEDIUM POC This Month

Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21332 HIGH PATCH This Week

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

CSRF Python XSS Synapse Fedora
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
CVE-2021-29266 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.11.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29249 HIGH This Week

BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-22506 HIGH KEV THREAT This Week

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.1
7.5
EPSS
25.7%
CVE-2021-20206 HIGH PATCH This Week

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Container Network Interface
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-20682 HIGH PATCH This Week

baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Basercms
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-20271 HIGH PATCH This Week

A flaw was found in RPM's signature check functionality when reading a package file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Rpm Enterprise Linux Fedora Starwind Virtual San
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2021-25372 MEDIUM KEV THREAT This Month

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-25371 MEDIUM KEV THREAT This Month

A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-21396 MEDIUM PATCH This Month

wire-server is an open-source back end for Wire, a secure collaboration platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nginx Information Disclosure Wire Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-23890 MEDIUM This Month

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-3153 MEDIUM This Month

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Terraform Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-3027 MEDIUM PATCH This Month

app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Passhport
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-20197 MEDIUM PATCH This Month

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. Rated medium severity (CVSS 6.3).

Information Disclosure Binutils Enterprise Linux Cloud Backup Ontap Select Deploy Administration Utility +2
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-23888 MEDIUM This Month

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Epolicy Orchestrator
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2021-21333 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required.

Python Code Injection Synapse Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-22886 MEDIUM PATCH This Month

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-29264 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.11.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21411 MEDIUM PATCH This Month

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Gitlab Authentication Bypass Oauth2 Proxy
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-22184 MEDIUM This Month

An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-25369 MEDIUM POC KEV THREAT This Month

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-20683 MEDIUM PATCH This Month

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20681 MEDIUM PATCH This Month

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20289 MEDIUM PATCH This Month

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Resteasy Oncommand Insight Quarkus Communications Cloud Native Core Console
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-3109 MEDIUM This Month

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-23889 MEDIUM This Month

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-29265 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.7. Rated medium severity (CVSS 4.7).

Linux Denial Of Service Race Condition Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-22194 MEDIUM This Month

In all versions of GitLab, marshalled session keys were being stored in Redis. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Redis Gitlab Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-25370 MEDIUM POC KEV THREAT This Month

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.9%
CVE-2021-20193 LOW PATCH Monitor

A flaw was found in the src/list.c of tar 1.33 and earlier. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Tar
NVD
CVSS 3.1
3.3
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy