Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2021-40870 KEV |
|
[KEV] Vulnerability in aviatrix (CVE-2021-40870)
vulnerability in aviatrix (CVE-2021-40870). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-21975 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Vmware vrealize-operations-manager-api (CVE-2021-21975)
SSRF in Vmware vrealize-operations-manager-api (CVE-2021-21975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-14864 KEV |
|
[KEV] Path Traversal in Oracle intelligence-enterprise-edition (CVE-2020-14864)
path traversal in Oracle intelligence-enterprise-edition (CVE-2020-14864). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-32648 KEV |
|
[KEV] Authentication Bypass in October cms october-cms (CVE-2021-32648)
authentication bypass in October cms october-cms (CVE-2021-32648). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-33766 KEV |
|
[KEV] Authentication Bypass in Microsoft exchange-server (CVE-2021-33766)
authentication bypass in Microsoft exchange-server (CVE-2021-33766). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-22991 KEV |
|
[KEV] Buffer Overflow in F5 big-ip-traffic-management-microkernel (CVE-2021-22991)
vulnerability in F5 big-ip-traffic-management-microkernel (CVE-2021-22991). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-45422 |
|
Cross-Site Scripting (XSS) in reprisesoftware (CVE-2021-45422)
cross-site scripting in reprisesoftware (CVE-2021-45422). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-40327 |
|
Vulnerability in trustedfirmware (CVE-2021-40327)
vulnerability in trustedfirmware (CVE-2021-40327). Confidential information can be exposed externally.
|
| CVE-2021-45806 |
|
Code Injection in jpress (CVE-2021-45806)
code injection in jpress (CVE-2021-45806). Successful exploitation can lead to full system takeover.
|
| CVE-2018-13383 KEV |
|
[KEV] Out-of-Bounds Write in Fortinet fortios-and-fortiproxy (CVE-2018-13383)
out-of-bounds write in Fortinet fortios-and-fortiproxy (CVE-2018-13383). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-7450 KEV |
|
[KEV] Code Injection in Ibm websphere-application-server-and-server-hypervisor-edition (CVE-2015-7450)
code injection in Ibm websphere-application-server-and-server-hypervisor-edition (CVE-2015-7450). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-7609 KEV |
|
[KEV] Code Injection in Elastic kibana (CVE-2019-7609)
code injection in Elastic kibana (CVE-2019-7609). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-22017 KEV |
|
[KEV] Vulnerability in Vmware vcenter-server (CVE-2021-22017)
vulnerability in Vmware vcenter-server (CVE-2021-22017). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-13382 KEV |
|
[KEV] Vulnerability in Fortinet fortios-and-fortiproxy (CVE-2018-13382)
vulnerability in Fortinet fortios-and-fortiproxy (CVE-2018-13382). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-3900 KEV |
|
[KEV] Vulnerability in Microsoft winverifytrust-function (CVE-2013-3900)
vulnerability in Microsoft winverifytrust-function (CVE-2013-3900). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-9670 KEV |
|
[KEV] XXE (XML External Entity) in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9670)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9670). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-36260 KEV |
|
[KEV] OS Command Injection in Hikvision security-cameras-web-server (CVE-2021-36260)
OS command injection in Hikvision security-cameras-web-server (CVE-2021-36260). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-10149 KEV |
|
[KEV] OS Command Injection in Exim mail-transfer-agent-mta (CVE-2019-10149)
OS command injection in Exim mail-transfer-agent-mta (CVE-2019-10149). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-6572 KEV |
|
[KEV] Use-After-Free in Google chrome-media (CVE-2020-6572)
vulnerability in Google chrome-media (CVE-2020-6572). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-2725 KEV |
|
[KEV] Vulnerability in Oracle weblogic-server (CVE-2019-2725)
vulnerability in Oracle weblogic-server (CVE-2019-2725). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-27860 KEV |
|
[KEV] Unrestricted File Upload in Fatpipe warp (CVE-2021-27860)
vulnerability in Fatpipe warp (CVE-2021-27860). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-1579 KEV |
|
[KEV] Vulnerability in Palo alto networks palo-alto-networks (CVE-2019-1579)
vulnerability in Palo alto networks palo-alto-networks (CVE-2019-1579). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-1000486 KEV |
|
[KEV] Vulnerability in Primetek primefaces-application (CVE-2017-1000486)
vulnerability in Primetek primefaces-application (CVE-2017-1000486). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-43677 |
|
Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.
Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.
|
| CVE-2021-44674 |
|
Path Traversal in opmantek (CVE-2021-44674)
path traversal in opmantek (CVE-2021-44674). Confidential information can be exposed externally.
|
| CVE-2021-44832 |
|
Vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832)
vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.17.1` or later.
|
| CVE-2020-20425 |
|
Cross-Site Scripting (XSS) in s-cms (CVE-2020-20425)
cross-site scripting in s-cms (CVE-2020-20425). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-45418 |
|
Path Traversal in path-traversal (CVE-2021-45418)
path traversal in path-traversal (CVE-2021-45418). Successful exploitation can lead to full system takeover.
|
| CVE-2020-20426 |
|
Cross-Site Scripting (XSS) in s-cms (CVE-2020-20426)
cross-site scripting in s-cms (CVE-2020-20426). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-44732 |
|
Vulnerability in arm (CVE-2021-44732)
vulnerability in arm (CVE-2021-44732). Successful exploitation can lead to full system takeover.
|
| CVE-2021-45105 |
|
Vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-45105)
vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-45105). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.3.1` or later.
|
| CVE-2021-41451 |
|
Vulnerability in tp-link (CVE-2021-41451)
vulnerability in tp-link (CVE-2021-41451). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-42912 |
|
OS Command Injection in fiberhome (CVE-2021-42912)
OS command injection in fiberhome (CVE-2021-42912). Successful exploitation can lead to full system takeover.
|
| CVE-2021-26787 |
|
Cross-Site Scripting (XSS) in genesys (CVE-2021-26787)
cross-site scripting in genesys (CVE-2021-26787). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-36450 |
|
Cross-Site Scripting (XSS) in verint (CVE-2021-36450)
cross-site scripting in verint (CVE-2021-36450). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-42216 |
|
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
|
| CVE-2021-4102 KEV |
|
[KEV] Use-After-Free in Google chromium-v8 (CVE-2021-4102)
vulnerability in Google chromium-v8 (CVE-2021-4102). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-10228 |
|
Cross-Site Scripting (XSS) in limesurvey (CVE-2018-10228)
cross-site scripting in limesurvey (CVE-2018-10228). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-4104 |
|
Unsafe Deserialization in apache (CVE-2021-4104)
vulnerability in apache (CVE-2021-4104). Successful exploitation can lead to full system takeover.
|
| CVE-2019-0193 KEV |
|
[KEV] Code Injection in Apache solr (CVE-2019-0193)
code injection in Apache solr (CVE-2019-0193). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-12149 KEV |
|
[KEV] Unsafe Deserialization in Red hat red-hat (CVE-2017-12149)
vulnerability in Red hat red-hat (CVE-2017-12149). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-17463 KEV |
|
[KEV] SQL Injection in Fuel cms fuel-cms (CVE-2020-17463)
SQL injection in Fuel cms fuel-cms (CVE-2020-17463). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-17562 KEV |
|
[KEV] Vulnerability in Embedthis goahead (CVE-2017-17562)
vulnerability in Embedthis goahead (CVE-2017-17562). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2010-1871 KEV |
|
[KEV] Vulnerability in Red hat red-hat (CVE-2010-1871)
vulnerability in Red hat red-hat (CVE-2010-1871). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-44228 KEV |
|
[KEV] Vulnerability in Apache log4j2 (CVE-2021-44228)
vulnerability in Apache log4j2 (CVE-2021-44228). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-35394 KEV |
|
[KEV] OS Command Injection in Realtek jungle-software-development-kit-sdk (CVE-2021-35394)
OS command injection in Realtek jungle-software-development-kit-sdk (CVE-2021-35394). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-8816 KEV |
|
[KEV] OS Command Injection in Pi-hole adminlte (CVE-2020-8816)
OS command injection in Pi-hole adminlte (CVE-2020-8816). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-13272 KEV |
|
[KEV] Privilege Escalation in Linux kernel (CVE-2019-13272)
vulnerability in Linux kernel (CVE-2019-13272). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-44168 KEV |
|
[KEV] Vulnerability in Fortinet fortios (CVE-2021-44168)
vulnerability in Fortinet fortios (CVE-2021-44168). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-41449 |
|
Path Traversal in path-traversal (CVE-2021-41449)
path traversal in path-traversal (CVE-2021-41449). Confidential information can be exposed externally.
|