Skip to main content

E Series Performance Analyzer

57 CVEs product

Monthly

CVE-2022-23491 PyPI HIGH PATCH This Week

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Certifi E Series Performance Analyzer +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-45061 HIGH POC This Week

An issue was discovered in Python before 3.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Fedora Active Iq Unified Manager E Series Performance Analyzer +5
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-31123 Go HIGH PATCH This Week

Grafana is an open source observability and data visualization platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Grafana Jwt Attack E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31107 Go HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Grafana E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-31097 Go HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Grafana E Series Performance Analyzer
NVD GitHub
CVSS 3.1
8.7
EPSS
68.6%
CVE-2021-4044 Cargo HIGH PATCH This Week

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Cloud Backup E Series Performance Analyzer Ontap Select Deploy Administration Utility +12
NVD
CVSS 3.1
7.5
EPSS
50.1%
CVE-2021-26707 npm CRITICAL PATCH Act Now

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Node.js Information Disclosure Merge Deep E Series Performance Analyzer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-33587 npm HIGH PATCH This Week

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Css What E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-33623 npm HIGH PATCH This Week

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Trim Newlines E Series Performance Analyzer Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-32640 npm MEDIUM POC PATCH This Month

ws is an open source WebSocket client and server library for Node.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Ws E Series Performance Analyzer
NVD GitHub
CVSS 3.1
5.3
EPSS
2.8%
CVE-2021-23383 npm CRITICAL POC PATCH Act Now

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Handlebars E Series Performance Analyzer
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-28165 Maven HIGH POC PATCH THREAT This Week

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jetty Autovue For Agile Product Lifecycle Management Communications Cloud Native Core Policy Communications Element Manager +17
NVD GitHub
CVSS 3.1
7.5
EPSS
53.9%
CVE-2021-28164 Maven MEDIUM POC PATCH THREAT This Month

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty Cloud Manager E Series Performance Analyzer E Series Santricity Os Controller +13
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
82.4%
CVE-2021-28163 Maven LOW POC PATCH Monitor

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Jetty Fedora Ignite Solr +19
NVD GitHub
CVSS 3.1
2.7
EPSS
4.2%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-21267 npm HIGH POC PATCH This Week

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Schema Inspector E Series Performance Analyzer Oncommand Insight
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-27358 Go HIGH POC PATCH THREAT This Week

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Denial Of Service E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
83.0%
CVE-2021-20231 CRITICAL POC PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Gnutls +4
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-22884 HIGH POC PATCH THREAT This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Authentication Bypass Node Js Fedora Active Iq Unified Manager +10
NVD
CVSS 3.1
7.5
EPSS
32.4%
CVE-2021-22883 HIGH PATCH This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js Fedora E Series Performance Analyzer +6
NVD
CVSS 3.1
7.5
EPSS
77.4%
CVE-2021-27219 HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-27218 HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-14782 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +14
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2020-11110 Go MEDIUM POC PATCH This Month

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Grafana E Series Performance Analyzer
NVD GitHub
CVSS 3.1
5.4
EPSS
9.6%
CVE-2020-14664 HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
4.2%
CVE-2020-14621 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +21
NVD
CVSS 3.1
5.3
EPSS
4.3%
CVE-2020-14593 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Openjdk Jdk +18
NVD
CVSS 3.1
7.4
EPSS
3.9%
CVE-2020-14583 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Openjdk Jdk +18
NVD
CVSS 3.1
8.3
EPSS
4.0%
CVE-2020-14581 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Openjdk Jdk +19
NVD
CVSS 3.1
3.7
EPSS
3.3%
CVE-2020-14579 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Openjdk Jdk +19
NVD
CVSS 3.1
3.7
EPSS
4.0%
CVE-2020-14578 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Openjdk Jdk +19
NVD
CVSS 3.1
3.7
EPSS
4.0%
CVE-2020-14577 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Openjdk Jdk +18
NVD
CVSS 3.1
3.7
EPSS
3.3%
CVE-2020-14556 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Openjdk Jdk +18
NVD
CVSS 3.1
4.8
EPSS
3.0%
CVE-2020-13379 Go HIGH POC PATCH THREAT This Week

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana SSRF Fedora E Series Performance Analyzer Leap +1
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
99.9%
CVE-2020-1967 Cargo HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL Debian Linux Freebsd +23
NVD GitHub
CVSS 3.1
7.5
EPSS
53.3%
CVE-2020-2830 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle Jdk Jre +19
NVD
CVSS 3.1
5.3
EPSS
4.9%
CVE-2020-2816 HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +17
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-2805 HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +18
NVD
CVSS 3.1
8.3
EPSS
4.1%
CVE-2020-2803 HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +18
NVD
CVSS 3.1
8.3
EPSS
6.2%
CVE-2020-2800 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
4.8
EPSS
2.9%
CVE-2020-2781 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Oracle Jdk Jre +19
NVD
CVSS 3.1
5.3
EPSS
4.9%
CVE-2020-2778 LOW Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
3.7
EPSS
2.3%
CVE-2020-2773 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Jdk Jre +19
NVD
CVSS 3.1
3.7
EPSS
3.6%
CVE-2020-2767 MEDIUM This Month

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
4.8
EPSS
2.1%
CVE-2020-2757 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Java Denial Of Service Deserialization Jdk +20
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2020-2756 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Java Denial Of Service Deserialization Jdk +19
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2020-2755 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Jdk Jre +18
NVD
CVSS 3.1
3.7
EPSS
3.9%
CVE-2020-2659 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +21
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2020-2654 LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +21
NVD
CVSS 3.1
3.7
EPSS
3.8%
CVE-2020-2604 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Oracle Java Deserialization Commerce Experience Manager Commerce Guided Search +25
NVD
CVSS 3.1
8.1
EPSS
4.9%
CVE-2020-2601 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +21
NVD
CVSS 3.1
6.8
EPSS
4.2%
CVE-2020-2593 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +22
NVD
CVSS 3.1
4.8
EPSS
3.0%
CVE-2020-2590 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +22
NVD
CVSS 3.1
3.7
EPSS
3.1%
CVE-2020-2585 MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +12
NVD
CVSS 3.1
5.9
EPSS
3.3%
CVE-2020-2583 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +22
NVD
CVSS 3.1
3.7
EPSS
4.0%
CVE-2019-13272 HIGH POC KEV PATCH THREAT Act Now

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +19
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
52.2%
CVE-2019-13118 Ruby MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt Leap Active Iq Unified Manager +22
NVD VulDB
CVSS 3.1
5.3
EPSS
1.0%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla +4
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in Python before 3.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Fedora +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Grafana is an open source observability and data visualization platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Grafana Jwt Attack +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Grafana E Series Performance Analyzer
NVD GitHub
EPSS 69% CVSS 8.7
HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Grafana E Series Performance Analyzer
NVD GitHub
EPSS 50% CVSS 7.5
HIGH PATCH This Week

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Cloud Backup +14
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Node.js Information Disclosure +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Css What +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Trim Newlines +2
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC PATCH This Month

ws is an open source WebSocket client and server library for Node.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Ws +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Handlebars +1
NVD GitHub
EPSS 54% CVSS 7.5
HIGH POC PATCH THREAT This Week

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jetty Autovue For Agile Product Lifecycle Management +19
NVD GitHub
EPSS 82% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty Cloud Manager +15
NVD GitHub Exploit-DB
EPSS 4% CVSS 2.7
LOW POC PATCH Monitor

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Jetty Fedora +21
NVD GitHub
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Schema Inspector +2
NVD GitHub
EPSS 83% CVSS 7.5
HIGH POC PATCH THREAT This Week

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Denial Of Service E Series Performance Analyzer
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption +6
NVD
EPSS 32% CVSS 7.5
HIGH POC PATCH THREAT This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Authentication Bypass Node Js +12
NVD
EPSS 77% CVSS 7.5
HIGH PATCH This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js +8
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora +5
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora +5
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +16
NVD
EPSS 10% CVSS 5.4
MEDIUM POC PATCH This Month

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Grafana E Series Performance Analyzer
NVD GitHub
EPSS 4% CVSS 8.3
HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure +15
NVD
EPSS 4% CVSS 5.3
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +23
NVD
EPSS 4% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +20
NVD
EPSS 4% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +20
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +21
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +21
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +21
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +20
NVD
EPSS 3% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +20
NVD
EPSS 100% CVSS 8.2
HIGH POC PATCH THREAT This Week

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana SSRF Fedora +3
NVD Exploit-DB
EPSS 53% CVSS 7.5
HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL +25
NVD GitHub
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle +21
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +19
NVD
EPSS 4% CVSS 8.3
HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure +20
NVD
EPSS 6% CVSS 8.3
HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure +20
NVD
EPSS 3% CVSS 4.8
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +20
NVD
EPSS 5% CVSS 5.3
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Oracle +21
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +20
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +21
NVD
EPSS 2% CVSS 4.8
MEDIUM This Month

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +20
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Java Denial Of Service +22
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Java Denial Of Service +21
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +20
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +23
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +23
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Oracle Java Deserialization +27
NVD
EPSS 4% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +23
NVD
EPSS 3% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +24
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +24
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +14
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +24
NVD
EPSS 52% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +21
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt +24
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy