Skip to main content
CVE-2021-28236 HIGH POC This Week

LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-25784 HIGH POC This Week

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-25783 HIGH POC This Week

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-44227 HIGH PATCH This Week

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mailman Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-40334 HIGH This Week

Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fox615 Firmware Xcm20 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43795 HIGH PATCH This Week

Armeria is an open source microservice framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Armeria
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-23263 HIGH This Week

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crafter Cms
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-23262 HIGH This Week

Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2021-23259 HIGH This Week

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-23258 HIGH This Week

Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-40333 HIGH This Week

Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Authentication Bypass Fox615 Firmware Xcm20 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy