Skip to main content
CVE-2021-20096 HIGH POC This Week

Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Openoversight
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-21657 HIGH PATCH This Week

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Filesystem Trigger
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21659 HIGH PATCH This Week

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Urltrigger
NVD
CVSS 3.1
8.1
EPSS
66.8%
CVE-2021-20209 HIGH PATCH This Week

A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Privoxy
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-3320 HIGH This Week

Type Confusion in 802154 ACK Frames Handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-23937 HIGH PATCH This Week

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Information Disclosure Wicket
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-27823 HIGH This Week

An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Netwave System
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-30195 HIGH This Week

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 750 893 Firmware 750 891 Firmware 750 890 Firmware +26
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2021-30191 HIGH This Week

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 750 893 Firmware 750 891 Firmware 750 890 Firmware 750 889 Firmware +24
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-30186 HIGH This Week

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 893 Firmware 750 891 Firmware 750 890 Firmware +26
NVD
CVSS 3.1
7.5
EPSS
7.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy