Skip to main content
CVE-2021-27002 HIGH PATCH This Week

NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cloud Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25633 HIGH This Week

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-27665 HIGH This Week

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Exacqvision Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41832 HIGH This Week

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-41830 HIGH This Week

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-41799 HIGH This Week

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-0583 HIGH This Week

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2021-25738 MEDIUM PATCH This Month

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes RCE Java
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-32028 MEDIUM PATCH This Month

A flaw was found in postgresql. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PostgreSQL Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-35059 MEDIUM This Month

OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Way4
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-42134 MEDIUM PATCH This Month

The Unicorn framework before 0.36.1 for Django allows XSS via a component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Unicorn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-35060 MEDIUM This Month

/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Way4
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-41831 MEDIUM This Month

It is possible for an attacker to manipulate the timestamp of signed documents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-41800 MEDIUM PATCH This Month

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Mediawiki Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-42137 MEDIUM This Month

An issue was discovered in Zammad before 5.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
5.3
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy