Skip to main content
CVE-2017-17674 CRITICAL Act Now

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Remedy Mid Tier
NVD VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-29625 MEDIUM POC PATCH This Month

Adminer is open-source database management software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Adminer
NVD GitHub
CVSS 3.1
6.1
EPSS
8.7%
CVE-2021-29622 MEDIUM POC THREAT This Month

Prometheus is an open-source monitoring system and time series database. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Prometheus
NVD GitHub
CVSS 3.1
6.1
EPSS
19.6%
CVE-2021-33204 CRITICAL PATCH Act Now

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PostgreSQL Pg Partman
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2017-17677 HIGH This Week

BMC Remedy 9.1SP3 is affected by authenticated code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Remedy Mid Tier
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-3517 HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 Jboss Core Services Enterprise Linux +25
NVD
CVSS 3.1
8.6
EPSS
8.3%
CVE-2021-25644 HIGH This Week

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-3445 HIGH This Week

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jwt Attack Libdnf Fedora Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-21732 HIGH This Week

A mobile phone of ZTE is impacted by improper access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Axon 11 5G Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20589 HIGH This Week

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Gt27 Firmware Gt25 Firmware Gt23 Firmware Gt21 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-29624 MEDIUM PATCH This Month

fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Fastify Csrf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-31158 MEDIUM This Month

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2017-17678 MEDIUM This Month

BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Remedy Mid Tier
NVD VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29503 MEDIUM PATCH This Month

HedgeDoc is a platform to write and share markdown. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Hedgedoc
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-31930 MEDIUM This Month

Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concerto
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-27924 MEDIUM This Month

An issue was discovered in Couchbase Server 6.x through 6.6.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2017-17675 MEDIUM This Month

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remedy Mid Tier
NVD VulDB
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-3421 MEDIUM PATCH This Month

A flaw was found in the RPM package in the read functionality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Rpm Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-20528 MEDIUM PATCH This Month

IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Control Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20374 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20529 MEDIUM PATCH This Month

IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Control Center
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-21733 MEDIUM This Month

The management system of ZXCDN is impacted by the information leak vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zxcdn
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-27925 MEDIUM This Month

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Couchbase Server
NVD
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy