Skip to main content
CVE-2021-43397 HIGH POC This Week

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Liquidfiles
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-25980 HIGH PATCH This Week

In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Talkyard
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-3909 HIGH PATCH This Week

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3908 HIGH PATCH This Week

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-26558 HIGH This Week

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Shardingsphere Ui
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-34420 HIGH This Week

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jwt Attack Zoom Client For Meetings
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-34417 HIGH This Week

The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zoom On Premise Meeting Connector Controller Zoom On Premise Meeting Connector Mmr Zoom On Premise Recording Connector Zoom On Premise Virtual Room Connector +1
NVD
CVSS 3.1
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy