Skip to main content
CVE-2021-40309 HIGH POC This Week

A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-28130 HIGH POC This Week

Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Security Space
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-40655 HIGH POC KEV THREAT This Week

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Authentication Bypass Dir 605l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
87.0%
CVE-2021-40654 MEDIUM POC This Month

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Information Disclosure Authentication Bypass Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-36749 MEDIUM POC PATCH THREAT This Month

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Druid
NVD
CVSS 3.1
6.5
EPSS
81.0%
CVE-2021-39246 MEDIUM POC PATCH This Month

Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tor Browser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-22869 CRITICAL Act Now

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-41581 MEDIUM POC This Month

x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libressl
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-40310 MEDIUM POC This Month

OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-40102 CRITICAL Act Now

An issue was discovered in Concrete CMS through 8.5.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Concrete Cms
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-41588 HIGH This Week

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Java Gradle
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-41504 HIGH This Week

An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Information Disclosure Dcs 932l Firmware Dcs 5000L Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-41503 HIGH This Week

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dcs 932l Firmware Dcs 5000L Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-2464 HIGH PATCH This Week

Vulnerability in Oracle Linux (component: OSwatcher). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Oracle Information Disclosure Engineered Systems Utilities Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-41587 HIGH This Week

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gradle
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-41586 HIGH This Week

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gradle
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-41584 HIGH This Week

Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gradle
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40099 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-41583 MEDIUM This Month

vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Debian Information Disclosure Vpn User Portal
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-40100 MEDIUM This Month

An issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31923 MEDIUM This Month

Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Pingaccess
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-22868 MEDIUM This Month

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy