Skip to main content
CVE-2021-27562 MEDIUM KEV THREAT This Month

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 51.1%.

Memory Corruption Buffer Overflow Trusted Firmware M
NVD VulDB
CVSS 3.1
5.5
EPSS
51.1%
Threat
4.1
CVE-2021-33574 CRITICAL POC Act Now

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Glibc Fedora +11
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-25946 CRITICAL POC Act Now

Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Nconf Toml
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-25944 CRITICAL POC Act Now

Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Deep Defaults
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-20096 HIGH POC This Week

Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Openoversight
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-33575 CRITICAL PATCH Act Now

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ruby Jss
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-30193 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 893 Firmware 750 891 Firmware 750 890 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-30192 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 750 893 Firmware 750 891 Firmware 750 890 Firmware 750 889 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-30190 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 750 893 Firmware 750 891 Firmware 750 890 Firmware 750 889 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-30189 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 893 Firmware 750 891 Firmware 750 890 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-30188 CRITICAL Act Now

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 893 Firmware 750 891 Firmware 750 890 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-33570 MEDIUM POC This Month

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL XSS Postbird
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.6%
CVE-2021-25935 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-25934 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-32640 MEDIUM POC PATCH This Month

ws is an open source WebSocket client and server library for Node.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Ws E Series Performance Analyzer
NVD GitHub
CVSS 3.1
5.3
EPSS
2.8%
CVE-2021-21658 CRITICAL PATCH Act Now

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Nuget
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-30194 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 750 893 Firmware 750 891 Firmware 750 890 Firmware +25
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-21657 HIGH PATCH This Week

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Filesystem Trigger
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-32638 MEDIUM POC PATCH This Month

Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Codeql Action
NVD GitHub
CVSS 3.1
4.4
EPSS
0.4%
CVE-2021-21659 HIGH PATCH This Week

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Urltrigger
NVD
CVSS 3.1
8.1
EPSS
66.8%
CVE-2021-20209 HIGH PATCH This Week

A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Privoxy
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-3320 HIGH This Week

Type Confusion in 802154 ACK Frames Handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-23937 HIGH PATCH This Week

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Information Disclosure Wicket
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-27823 HIGH This Week

An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Netwave System
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-30195 HIGH This Week

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 750 893 Firmware 750 891 Firmware 750 890 Firmware +26
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2021-30191 HIGH This Week

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 750 893 Firmware 750 891 Firmware 750 890 Firmware 750 889 Firmware +24
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-30186 HIGH This Week

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 893 Firmware 750 891 Firmware 750 890 Firmware +26
NVD
CVSS 3.1
7.5
EPSS
7.4%
CVE-2021-29708 MEDIUM This Month

IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-29202 MEDIUM This Month

A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-29695 MEDIUM This Month

IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal 8335 Gca Firmware 8335 Gta Firmware 8335 Gtb Firmware
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-27821 MEDIUM This Month

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Luci
NVD VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33425 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Openwrt
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-21660 MEDIUM PATCH This Month

Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Markdown Formatter
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-30187 MEDIUM This Month

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection 750 893 Firmware 750 891 Firmware 750 890 Firmware 750 889 Firmware +24
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2021-29211 MEDIUM This Month

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-29210 MEDIUM This Month

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-29209 MEDIUM This Month

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-29208 MEDIUM This Month

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-29207 MEDIUM This Month

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-29206 MEDIUM This Month

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-29205 MEDIUM This Month

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-29204 MEDIUM This Month

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-29201 MEDIUM This Month

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5
NVD
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy