Skip to main content
CVE-2021-41014 HIGH PATCH This Week

A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fortinet Fortiweb
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-26108 HIGH PATCH This Week

A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Fortinet Authentication Bypass Fortios
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20041 HIGH This Week

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware Sma 400 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2021-20040 HIGH This Week

A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware Sma 400 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
25.8%
CVE-2021-44725 HIGH This Week

KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Knime Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41311 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-37069 HIGH This Week

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Huawei Race Condition Harmonyos Emui +1
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-44420 HIGH PATCH This Week

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Authentication Bypass Django Satellite Debian Linux +2
NVD
CVSS 3.1
7.3
EPSS
2.3%
CVE-2021-23862 HIGH This Week

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Bosch Video Management System Video Recording Manager Videojet Decoder 7513 Firmware Videojet Decoder 8000 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy