Skip to main content
CVE-2020-25368 CRITICAL POC THREAT Emergency

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Command Injection D-Link Dir 823G Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
12.6%
CVE-2020-25367 CRITICAL POC THREAT Emergency

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

D-Link Command Injection Dir 823G Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
12.6%
CVE-2020-25366 CRITICAL POC Act Now

An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass D-Link Dir 823G Firmware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
3.3%
CVE-2021-42057 HIGH POC PATCH This Week

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Obsidian Dataview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-42624 HIGH POC This Week

A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Miniftpd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-43396 HIGH POC PATCH This Week

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Glibc Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function +3
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-21696 CRITICAL PATCH Act Now

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jenkins
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-21694 CRITICAL PATCH Act Now

FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-21693 CRITICAL PATCH Act Now

When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-21692 CRITICAL PATCH Act Now

FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-21691 CRITICAL PATCH Act Now

Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-21690 CRITICAL PATCH Act Now

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-40119 CRITICAL Act Now

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Policy Suite
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-40113 CRITICAL PATCH Act Now

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Command Injection Authentication Bypass Catalyst Pon Switch Cgp Ont 1P Firmware Catalyst Pon Switch Cgp Ont 4P Firmware +3
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2021-34795 CRITICAL PATCH Act Now

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Command Injection Authentication Bypass Catalyst Pon Switch Cgp Ont 1P Firmware Catalyst Pon Switch Cgp Ont 4P Firmware +3
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-43389 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.14.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Enterprise Linux +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-43398 MEDIUM POC This Month

Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Crypto
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-43400 CRITICAL PATCH Act Now

An issue was discovered in gatt-database.c in BlueZ 5.61. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Bluez Debian Linux
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-21697 CRITICAL PATCH Act Now

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jenkins Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-21689 CRITICAL PATCH Act Now

FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2021-21687 CRITICAL PATCH Act Now

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-21685 CRITICAL PATCH Act Now

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-21695 HIGH PATCH This Week

FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-21686 HIGH PATCH This Week

File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-34739 HIGH This Week

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Authentication Bypass Sf250 24 Firmware Sf250 24P Firmware Sf250 48 Firmware +206
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-40124 HIGH This Week

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34597 HIGH This Week

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pc Worx Pc Worx Express
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-41247 HIGH PATCH This Week

JupyterHub is an open source multi-user server for Jupyter notebooks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyterhub
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-21698 HIGH PATCH This Week

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal Subversion
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-21688 HIGH PATCH This Week

The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40112 HIGH PATCH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Command Injection Authentication Bypass Catalyst Pon Switch Cgp Ont 1P Firmware Catalyst Pon Switch Cgp Ont 4P Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-34741 HIGH This Week

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Asyncos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-43281 HIGH PATCH This Week

MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Code Injection Mybb
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-40120 HIGH This Week

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Code Injection Ios Xr Application Extension Platform
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2021-39903 MEDIUM This Month

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-34773 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Communications Manager Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-34594 MEDIUM This Month

TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Tf6100 Firmware Ts6100 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-40115 MEDIUM This Month

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Collaboration Meeting Rooms Webex Video Mesh
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1500 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Collaboration Meeting Rooms Webex Video Mesh
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34784 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40128 MEDIUM This Month

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-40127 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sf200 24 Firmware Sf200 24Fp Firmware Sf200 24P Firmware +63
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-34774 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Common Services Platform Collector
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2021-34731 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Prime Access Registrar
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-41248 MEDIUM PATCH This Month

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Graphiql
NVD GitHub
CVSS 3.1
4.7
EPSS
1.0%
CVE-2021-41249 MEDIUM PATCH This Month

GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Playground
NVD GitHub
CVSS 3.1
4.7
EPSS
1.2%
CVE-2021-39914 MEDIUM This Month

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-39902 MEDIUM This Month

Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-43293 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-40126 MEDIUM This Month

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Umbrella
NVD
CVSS 3.1
4.3
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy