Skip to main content
CVE-2021-23418 CRITICAL POC PATCH Act Now

The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Glances
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-21538 CRITICAL PATCH Act Now

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Authentication Bypass Idrac9 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2021-37578 CRITICAL PATCH Act Now

Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Apache Java Juddi
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-36741 HIGH KEV THREAT This Week

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro File Upload Officescan Officescan Business Security Apex One +1
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2021-25273 MEDIUM POC This Month

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos XSS Unified Threat Management
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-36742 HIGH KEV THREAT This Week

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Officescan Officescan Business Security Apex One +1
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-21546 MEDIUM PATCH This Month

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20505 MEDIUM This Month

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Microsoft Information Disclosure Powervm Hypervisor
NVD
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy