Skip to main content
CVE-2021-25681 HIGH POC THREAT Act Now

AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

Information Disclosure Personal Phone Manager
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
13.4%
CVE-2021-25680 MEDIUM POC This Month

The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Personal Phone Manager
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
3.4%
CVE-2021-29459 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-25679 MEDIUM POC This Month

The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Personal Phone Manager
NVD GitHub Exploit-DB VulDB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2021-29462 CRITICAL Act Now

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pupnp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-28793 CRITICAL PATCH Act Now

vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Restructuredtext
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-30496 MEDIUM POC This Month

The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Denial Of Service Stack Overflow Telegram
NVD GitHub
CVSS 3.1
5.7
EPSS
1.2%
CVE-2021-28827 CRITICAL Act Now

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Administrator Runtime Agent
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-29461 HIGH This Week

Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Discord Recon
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-28828 HIGH This Week

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Administrator
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-20453 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Websphere Application Server
NVD
CVSS 3.1
8.2
EPSS
2.6%
CVE-2021-28829 HIGH This Week

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Administrator
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2021-30464 HIGH This Week

OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stationguard
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-28156 HIGH This Week

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass HashiCorp Consul
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-3035 HIGH This Week

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Hashicorp Bridgecrew Checkov
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-21526 MEDIUM This Month

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Command Injection Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1079 MEDIUM This Month

NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution,. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Nvidia Denial Of Service Geforce Experience
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-29155 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.11.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Fedora +1
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-3038 MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Information Disclosure Globalprotect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-28492 MEDIUM This Month

Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Stealth
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-20023 MEDIUM KEV THREAT This Month

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Email Security Email Security Appliance 9000 Firmware Email Security Appliance 3300 Firmware +8
NVD
CVSS 3.1
4.9
EPSS
51.4%
CVE-2021-3036 MEDIUM This Month

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-3037 LOW Monitor

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
2.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy