Skip to main content
CVE-2021-28167 MEDIUM POC This Month

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openj9
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21426 CRITICAL PATCH Act Now

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Adobe Magento
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-31329 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.7%
CVE-2021-31327 MEDIUM POC This Month

Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.7%
CVE-2021-21646 HIGH PATCH This Week

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Templating Engine
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-20501 HIGH This Week

IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2021-20454 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 3.1
8.2
EPSS
2.9%
CVE-2021-21642 HIGH PATCH This Week

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Config File Provider
NVD
CVSS 3.1
8.1
EPSS
37.8%
CVE-2021-1076 HIGH This Week

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Microsoft Information Disclosure Nvidia +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-31523 HIGH PATCH This Week

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Debian Privilege Escalation Xscreensaver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-30139 HIGH This Week

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apk Tools
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-28965 HIGH PATCH This Week

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexml Ruby Fedora
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2021-1075 HIGH This Week

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Null Pointer Dereference Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-1074 HIGH This Week

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Information Disclosure Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2021-21427 HIGH PATCH This Week

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Adobe Magento
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-21643 MEDIUM PATCH This Month

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Config File Provider
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-1078 MEDIUM This Month

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Nvidia Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1077 MEDIUM This Month

NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nvidia Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-29456 MEDIUM PATCH This Month

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Authelia
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-21644 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Config File Provider
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-21647 MEDIUM PATCH This Month

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cloudbees Cd
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21645 MEDIUM PATCH This Month

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Config File Provider
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy