Skip to main content
CVE-2021-45099 HIGH POC This Week

The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ssh Web Terminal
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-42912 HIGH Act Now

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.8% and no vendor patch available.

Command Injection An5506 01 A Firmware An5506 01 B Firmware An5506 02 B Firmware An5506 04 B Firmware +2
NVD VulDB
CVSS 3.1
8.8
EPSS
13.8%
CVE-2021-44315 HIGH POC This Week

In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Bus Pass Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-38244 HIGH POC This Week

A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cbioportal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-45098 HIGH POC PATCH This Week

An issue was discovered in Suricata before 6.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Suricata Authentication Bypass Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-41262 HIGH PATCH This Week

Galette is a membership management web application built for non profit organizations and released under GPLv3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Galette
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-41260 HIGH PATCH This Week

Galette is a membership management web application built for non profit organizations and released under GPLv3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Galette
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-45102 HIGH This Week

An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Htcondor
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-43833 HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-45101 HIGH This Week

An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Htcondor
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-3960 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Gravityzone
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-41028 HIGH This Week

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Forticlient Forticlient Endpoint Management Server
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-37262 HIGH PATCH This Week

JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jfinal Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-3959 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-45100 HIGH PATCH This Week

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Microsoft Information Disclosure Ksmbd H410c Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-44023 HIGH This Week

A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2021 Internet Security 2021 Maximum Security 2021 +1
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy