Skip to main content
CVE-2021-31167 HIGH PATCH This Week

Windows Container Manager Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-31165 HIGH PATCH This Week

Windows Container Manager Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-28465 HIGH PATCH This Week

Web Media Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Web Media Extensions
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2021-27616 HIGH This Week

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Business One Hana Chef Cookbook Business One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27613 HIGH This Week

Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming &. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Chef Business One Cookbook
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-30005 HIGH This Week

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Pycharm
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-29263 HIGH This Week

In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-26146 MEDIUM CISA This Month

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Samsung Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-28478 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
1.6%
CVE-2020-26139 MEDIUM PATCH CISA This Month

An issue was discovered in the kernel in NetBSD 7.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Netbsd Debian Linux C 100 Firmware C 110 Firmware +162
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-20313 HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-20312 HIGH PATCH This Week

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-20311 HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20310 HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20309 HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-29509 HIGH PATCH This Week

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nginx Apache Denial Of Service Puma Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-31913 HIGH This Week

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-31910 HIGH This Week

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-31898 HIGH This Week

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webstorm
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-30482 HIGH This Week

In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Upsource
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31905 HIGH This Week

In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-31902 HIGH This Week

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-31901 HIGH This Week

In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-30504 HIGH This Week

In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intellij Idea
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-30006 HIGH This Week

In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-26310 HIGH This Week

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26147 MEDIUM PATCH CISA This Month

An issue was discovered in the Linux kernel 5.8.9. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required.

Code Injection Linux Linux Kernel Debian Linux C 75 Firmware +5
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2021-31936 HIGH PATCH This Week

Microsoft Accessibility Insights for Web Information Disclosure Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Accessibility Insights For Web
NVD
CVSS 3.1
7.4
EPSS
3.3%
CVE-2021-31186 HIGH PATCH This Week

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.4
EPSS
3.0%
CVE-2020-26145 MEDIUM PATCH This Month

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Samsung Code Injection Galaxy I9305 Firmware 6Gk5763 1Al00 7Da0 Firmware 6Gk5766 1Ge00 7Da0 Firmware +10
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
4.3%
CVE-2021-31204 HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Net Core Visual Studio 2019 Fedora
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2021-31200 HIGH PATCH This Week

Common Utilities Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Neural Network Intelligence
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26422 HIGH PATCH This Week

Skype for Business and Lync Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Lync Server Skype For Business Server
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-31182 HIGH PATCH This Week

Microsoft Bluetooth Driver Spoofing Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2021-31172 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
1.8%
CVE-2021-27614 HIGH This Week

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection SAP Business One Hana Chef Cookbook Business One
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-21656 HIGH PATCH This Week

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Xcode Integration
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2021-21655 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins P4
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2021-21652 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Atlassian Xray Test Management For Jira
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-27611 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service SAP Code Injection Netweaver Application Server Abap
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-31209 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Exchange Server
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-31205 MEDIUM PATCH This Month

Windows SMB Client Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2021-26421 MEDIUM PATCH This Month

Skype for Business and Lync Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable.

Information Disclosure Lync Server Skype For Business Server
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-27619 MEDIUM This Month

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Commerce
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-28461 MEDIUM PATCH This Month

Dynamics Finance and Operations Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-27612 MEDIUM This Month

In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Microsoft Gui For Windows
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21648 MEDIUM PATCH This Month

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Credentials
NVD
CVSS 3.1
6.1
EPSS
11.3%
CVE-2021-31911 MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-31904 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-31903 MEDIUM This Month

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
6.1
EPSS
0.8%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy