Skip to main content
CVE-2021-41293 HIGH POC THREAT This Week

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
7.5
EPSS
20.1%
CVE-2021-41291 HIGH POC THREAT This Week

ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
7.5
EPSS
79.4%
CVE-2021-41829 HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-41828 HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2021-41827 HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2021-41298 HIGH This Week

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-41297 HIGH This Week

ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-41295 HIGH This Week

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-41824 HIGH PATCH This Week

Craft CMS before 3.7.14 allows CSV injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Craft Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-29894 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-41109 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41302 HIGH This Week

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
7.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy