Skip to main content
CVE-2021-43778 HIGH POC PATCH THREAT This Week

Barcode is a GLPI plugin for printing barcodes and QR codes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Path Traversal Barcode
NVD GitHub
CVSS 3.1
7.5
EPSS
52.7%
CVE-2021-36917 HIGH POC This Week

WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Hide My Wp
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-41268 HIGH PATCH This Week

Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PHP Session Fixation Symfony
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-22957 HIGH PATCH This Week

A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-43780 HIGH PATCH This Week

Redash is a package for data visualization and sharing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Redash
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-20846 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Push Notifications For Wordpress
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-20845 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Unlimited Sitemap Generator
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-28708 HIGH PATCH This Week

PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-28707 HIGH PATCH This Week

PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-28704 HIGH PATCH This Week

PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-28706 HIGH PATCH This Week

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
8.6
EPSS
2.1%
CVE-2021-42306 HIGH PATCH This Week

An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Microsoft Information Disclosure Azure Active Directory Azure Active Site Recovery Azure Automation +1
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2021-38873 HIGH PATCH This Week

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Planning Analytics
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31822 HIGH This Week

When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Tentacle
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28709 HIGH PATCH This Week

issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28705 HIGH PATCH This Week

issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-34424 HIGH This Week

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google HP Apple Microsoft +30
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-21980 HIGH PATCH This Week

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2021-3553 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Endpoint Security Tools Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3552 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Endpoint Security Tools Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20835 HIGH This Week

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Mercari
NVD
CVSS 3.1
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy