Skip to main content
CVE-2021-2322 HIGH This Week

Vulnerability in OpenGrok (component: Web App). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Opengrok
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-31586 HIGH This Week

Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Kiteworks
NVD GitHub
CVSS 3.1
8.8
EPSS
44.1%
CVE-2021-21999 HIGH PATCH This Week

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft OpenSSL VMware App Volumes +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-20019 HIGH This Week

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29620 HIGH PATCH This Week

Report portal is an open source reporting and analysis framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Service Api
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-29087 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Path Traversal Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29086 HIGH This Week

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Information Disclosure Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-29085 HIGH This Week

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Code Injection Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-29084 HIGH This Week

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Code Injection Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-28976 HIGH POC This Week

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Getsimplecms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
7.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy