Skip to main content
CVE-2021-43358 HIGH This Week

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ehrd
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-34599 HIGH This Week

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-20854 MEDIUM This Month

ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-20853 MEDIUM This Month

ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-20852 MEDIUM This Month

Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-29849 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20847 MEDIUM This Month

Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wi Fi Station Sh 52A Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29779 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Microsoft Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-44479 MEDIUM This Month

NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Kinetis K82 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-40154 MEDIUM This Month

NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Lpc55S69Jbd100 Firmware Lpc55S69Jbd64 Firmware Lpc55S69Jev98 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-25967 MEDIUM PATCH This Month

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Ckan
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20858 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc 2533Ghbk I Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20857 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc 2533Ghbk I Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20856 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20855 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43794 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-43793 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-43792 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29863 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-20862 MEDIUM This Month

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy