Skip to main content
CVE-2021-41366 HIGH PATCH This Week

Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows 11 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-40442 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-36957 HIGH PATCH This Week

Windows Desktop Bridge Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41372 HIGH PATCH This Week

A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

CSRF Privilege Escalation XSS Power Bi Report Server
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2021-40873 HIGH This Week

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Datafeed Opc Suite Edgeconnector Opc Secure Integration Server +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40872 HIGH This Week

An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Smartlink Hw Dp Uatoolkit Embedded
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-40871 HIGH This Week

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Datafeed Opc Suite Opc Secure Integration Server +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3063 HIGH This Week

An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-43564 HIGH PATCH This Week

An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Job Fair
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-34598 HIGH This Week

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fl Mguard 1102 Firmware Fl Mguard 1105 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-42291 HIGH PATCH This Week

Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows Server Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-42287 HIGH KEV PATCH THREAT This Week

Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.5
EPSS
74.3%
CVE-2021-42282 HIGH PATCH This Week

Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows Server Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-42278 HIGH KEV PATCH THREAT This Week

Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Windows Server 2004 Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.5
EPSS
70.2%
CVE-2021-41356 HIGH PATCH This Week

Windows Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-38665 HIGH PATCH This Week

Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Remote Desktop Client Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.4
EPSS
6.2%
CVE-2021-3061 HIGH This Week

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Prisma Access Pan Os
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-3058 HIGH This Week

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-42284 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
3.4%
CVE-2021-42274 MEDIUM PATCH This Month

Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-41374 MEDIUM PATCH This Month

Azure Sphere Information Disclosure Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2021-42304 MEDIUM PATCH This Month

Azure RTOS Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Azure Real Time Operating System
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2021-42303 MEDIUM PATCH This Month

Azure RTOS Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Azure Real Time Operating System
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2021-42302 MEDIUM PATCH This Month

Azure RTOS Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Azure Real Time Operating System
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2021-38887 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22870 MEDIUM This Month

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-42305 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
8.1%
CVE-2021-41368 MEDIUM PATCH This Month

Microsoft Access Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-42300 MEDIUM PATCH This Month

Azure Sphere Tampering Vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-3572 MEDIUM PATCH This Month

A flaw was found in python-pip in the way it handled Unicode separators in git references. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Pip Agile Plm Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD
CVSS 3.1
5.7
EPSS
1.7%
CVE-2021-42288 MEDIUM PATCH This Month

Windows Hello Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-42111 MEDIUM This Month

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Openotp Token
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-32022 MEDIUM This Month

A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Protect
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-42280 MEDIUM PATCH This Month

Windows Feedback Hub Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-42277 MEDIUM PATCH This Month

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Visual Studio Visual Studio 2017 Visual Studio 2019 Windows 10 +4
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-41379 MEDIUM KEV PATCH THREAT This Month

Windows Installer Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +15
NVD
CVSS 3.1
5.5
EPSS
20.1%
CVE-2021-41373 MEDIUM PATCH This Month

FSLogix Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Fslogix
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-43561 MEDIUM PATCH This Month

An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS Google For Jobs
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-25975 MEDIUM PATCH This Month

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Publify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25974 MEDIUM PATCH This Month

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Publify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40504 MEDIUM This Month

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-34582 MEDIUM This Month

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fl Mguard 1102 Firmware Fl Mguard 1105 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2021-42319 MEDIUM PATCH This Month

Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.7). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Visual Studio 2017 Visual Studio 2019
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2021-41375 MEDIUM PATCH This Month

Azure Sphere Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
4.4
EPSS
0.8%
CVE-2021-41371 MEDIUM PATCH This Month

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
4.4
EPSS
1.4%
CVE-2021-38631 MEDIUM PATCH This Month

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
4.4
EPSS
1.6%
CVE-2021-42062 MEDIUM This Month

SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp Human Capital Management
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-41351 MEDIUM PATCH This Month

Microsoft Edge (Chrome based) Spoofing on IE Mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
4.3
EPSS
3.6%
CVE-2021-42279 MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
4.2
EPSS
1.9%
CVE-2021-42323 LOW PATCH Monitor

Azure RTOS Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Azure Real Time Operating System
NVD
CVSS 3.1
3.3
EPSS
1.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy