Skip to main content
CVE-2021-39208 MEDIUM POC PATCH This Month

SharpCompress is a fully managed C# library to deal with many compression types and formats. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Sharpcompress
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-40067 MEDIUM This Month

The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mobility
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-34572 MEDIUM This Month

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ewm
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-34571 MEDIUM This Month

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ewm
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-27340 MEDIUM PATCH This Month

OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-34573 MEDIUM This Month

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ewm
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29842 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-40066 MEDIUM This Month

The access controls on the Mobility read-only API improperly validate user access permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mobility
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-29763 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
5.1
EPSS
0.3%
CVE-2021-29752 MEDIUM This Month

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Db2
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2021-34576 MEDIUM This Month

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Picoflux Air Firmware
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy