Skip to main content
CVE-2021-31411 HIGH PATCH This Week

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Flow Vaadin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29100 HIGH This Week

A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Arcgis Earth
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-20401 HIGH This Week

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25319 HIGH PATCH This Week

A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Factory
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29101 HIGH This Week

ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Arcgis Geoevent Server
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-31542 HIGH PATCH This Week

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
5.3%
CVE-2021-31518 HIGH This Week

Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Home Network Security
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-31517 HIGH This Week

Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Home Network Security
NVD
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy