Skip to main content
CVE-2021-36055 HIGH PATCH This Week

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-36052 HIGH PATCH This Week

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2021-36050 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-36049 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36048 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36047 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36046 HIGH PATCH This Week

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-36235 HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-40382 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
22.7%
CVE-2021-40381 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
22.7%
CVE-2021-40380 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
22.7%
CVE-2021-40379 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
21.6%
CVE-2021-36044 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-36030 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-33582 HIGH PATCH This Week

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imap Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-36002 HIGH PATCH This Week

Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Adobe Captivate
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2021-39115 HIGH This Week

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Java Jira Service Desk Jira Service Management
NVD
CVSS 3.1
7.2
EPSS
4.5%
CVE-2021-36042 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE File Upload Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-36041 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2021-36040 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-36035 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-36034 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2021-36033 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-36031 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Path Traversal Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-36029 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Authentication Bypass Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-36028 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-36025 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-36024 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-36022 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2021-36043 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Redis RCE SSRF Adobe Adobe Commerce +1
NVD
CVSS 3.1
6.6
EPSS
1.9%
CVE-2021-36039 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Adobe Authentication Bypass Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-36038 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-36037 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Adobe Information Disclosure Authentication Bypass Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-36012 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-36063 MEDIUM PATCH This Month

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-36062 MEDIUM PATCH This Month

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-36027 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-36026 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-36077 MEDIUM PATCH This Month

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Adobe Bridge
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2021-36058 MEDIUM PATCH This Month

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2021-36056 MEDIUM PATCH This Month

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2021-29852 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36061 MEDIUM PATCH This Month

Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Connect
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-39166 MEDIUM PATCH This Month

Pimcore is an open source data & experience management platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-39119 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Data Center Jira
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-37151 MEDIUM This Month

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-35238 MEDIUM This Month

User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Orion Platform
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-29853 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29851 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-36074 LOW PATCH Monitor

Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Bridge
NVD
CVSS 3.1
3.3
EPSS
1.8%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy