Skip to main content
CVE-2021-35413 HIGH POC PATCH This Week

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-3980 HIGH POC PATCH This Week

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Elgg
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-43415 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Nomad
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23562 HIGH PATCH This Week

This affects the package plupload before 2.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Plupload
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29756 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-44021 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44020 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44019 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-20470 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy