Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2021-40870 KEV [KEV] Vulnerability in aviatrix (CVE-2021-40870)
vulnerability in aviatrix (CVE-2021-40870). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-33766 KEV [KEV] Authentication Bypass in Microsoft exchange-server (CVE-2021-33766)
authentication bypass in Microsoft exchange-server (CVE-2021-33766). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-21975 KEV [KEV] SSRF (Server-Side Request Forgery) in Vmware vrealize-operations-manager-api (CVE-2021-21975)
SSRF in Vmware vrealize-operations-manager-api (CVE-2021-21975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-21315 KEV [KEV] OS Command Injection in Npm package npm-package (CVE-2021-21315)
OS command injection in Npm package npm-package (CVE-2021-21315). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22991 KEV [KEV] Buffer Overflow in F5 big-ip-traffic-management-microkernel (CVE-2021-22991)
vulnerability in F5 big-ip-traffic-management-microkernel (CVE-2021-22991). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-14864 KEV [KEV] Path Traversal in Oracle intelligence-enterprise-edition (CVE-2020-14864)
path traversal in Oracle intelligence-enterprise-edition (CVE-2020-14864). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-13671 KEV [KEV] Unrestricted File Upload in drupal (CVE-2020-13671)
vulnerability in drupal (CVE-2020-13671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-11978 KEV [KEV] OS Command Injection in Apache airflow (CVE-2020-11978)
OS command injection in Apache airflow (CVE-2020-11978). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-13927 KEV [KEV] Vulnerability in Apache airflows-experimental-api (CVE-2020-13927)
vulnerability in Apache airflows-experimental-api (CVE-2020-13927). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22017 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2021-22017)
vulnerability in Vmware vcenter-server (CVE-2021-22017). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-36260 KEV [KEV] OS Command Injection in Hikvision security-cameras-web-server (CVE-2021-36260)
OS command injection in Hikvision security-cameras-web-server (CVE-2021-36260). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-6572 KEV [KEV] Use-After-Free in Google chrome-media (CVE-2020-6572)
vulnerability in Google chrome-media (CVE-2020-6572). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-1458 KEV [KEV] Vulnerability in Microsoft win32k (CVE-2019-1458)
vulnerability in Microsoft win32k (CVE-2019-1458). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2013-3900 KEV [KEV] Vulnerability in Microsoft winverifytrust-function (CVE-2013-3900)
vulnerability in Microsoft winverifytrust-function (CVE-2013-3900). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-2725 KEV [KEV] Vulnerability in Oracle weblogic-server (CVE-2019-2725)
vulnerability in Oracle weblogic-server (CVE-2019-2725). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-9670 KEV [KEV] XXE (XML External Entity) in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9670)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9670). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-13382 KEV [KEV] Vulnerability in Fortinet fortios-and-fortiproxy (CVE-2018-13382)
vulnerability in Fortinet fortios-and-fortiproxy (CVE-2018-13382). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-13383 KEV [KEV] Out-of-Bounds Write in Fortinet fortios-and-fortiproxy (CVE-2018-13383)
out-of-bounds write in Fortinet fortios-and-fortiproxy (CVE-2018-13383). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-1579 KEV [KEV] Vulnerability in Palo alto networks palo-alto-networks (CVE-2019-1579)
vulnerability in Palo alto networks palo-alto-networks (CVE-2019-1579). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-10149 KEV [KEV] OS Command Injection in Exim mail-transfer-agent-mta (CVE-2019-10149)
OS command injection in Exim mail-transfer-agent-mta (CVE-2019-10149). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2015-7450 KEV [KEV] Code Injection in Ibm websphere-application-server-and-server-hypervisor-edition (CVE-2015-7450)
code injection in Ibm websphere-application-server-and-server-hypervisor-edition (CVE-2015-7450). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-1000486 KEV [KEV] Vulnerability in Primetek primefaces-application (CVE-2017-1000486)
vulnerability in Primetek primefaces-application (CVE-2017-1000486). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-7609 KEV [KEV] Code Injection in Elastic kibana (CVE-2019-7609)
code injection in Elastic kibana (CVE-2019-7609). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-27860 KEV [KEV] Unrestricted File Upload in Fatpipe warp (CVE-2021-27860)
vulnerability in Fatpipe warp (CVE-2021-27860). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-43890 KEV [KEV] Vulnerability in Microsoft windows (CVE-2021-43890)
vulnerability in Microsoft windows (CVE-2021-43890). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-4102 KEV [KEV] Use-After-Free in Google chromium-v8 (CVE-2021-4102)
vulnerability in Google chromium-v8 (CVE-2021-4102). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-44515 KEV [KEV] Vulnerability in Zoho desktop-central (CVE-2021-44515)
vulnerability in Zoho desktop-central (CVE-2021-44515). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-13272 KEV [KEV] Privilege Escalation in Linux kernel (CVE-2019-13272)
vulnerability in Linux kernel (CVE-2019-13272). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-35394 KEV [KEV] OS Command Injection in Realtek jungle-software-development-kit-sdk (CVE-2021-35394)
OS command injection in Realtek jungle-software-development-kit-sdk (CVE-2021-35394). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-7238 KEV [KEV] Vulnerability in Sonatype nexus-repository-manager (CVE-2019-7238)
vulnerability in Sonatype nexus-repository-manager (CVE-2019-7238). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-0193 KEV [KEV] Code Injection in Apache solr (CVE-2019-0193)
code injection in Apache solr (CVE-2019-0193). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-44168 KEV [KEV] Vulnerability in Fortinet fortios (CVE-2021-44168)
vulnerability in Fortinet fortios (CVE-2021-44168). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-17562 KEV [KEV] Vulnerability in Embedthis goahead (CVE-2017-17562)
vulnerability in Embedthis goahead (CVE-2017-17562). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-12149 KEV [KEV] Unsafe Deserialization in Red hat red-hat (CVE-2017-12149)
vulnerability in Red hat red-hat (CVE-2017-12149). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2010-1871 KEV [KEV] Vulnerability in Red hat red-hat (CVE-2010-1871)
vulnerability in Red hat red-hat (CVE-2010-1871). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-17463 KEV [KEV] SQL Injection in Fuel cms fuel-cms (CVE-2020-17463)
SQL injection in Fuel cms fuel-cms (CVE-2020-17463). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-8816 KEV [KEV] OS Command Injection in Pi-hole adminlte (CVE-2020-8816)
OS command injection in Pi-hole adminlte (CVE-2020-8816). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-10758 KEV [KEV] Vulnerability in Mongodb mongo-express (CVE-2019-10758)
vulnerability in Mongodb mongo-express (CVE-2019-10758). Risk of unauthorized operations or information disclosure. Exploitable via ``toBSON``. Listed in CISA KEV — actively exploited.
CVE-2021-44228 KEV [KEV] Vulnerability in Apache log4j2 (CVE-2021-44228)
vulnerability in Apache log4j2 (CVE-2021-44228). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-11261 KEV [KEV] Vulnerability in :linux_kernel:Qualcomm (CVE-2020-11261)
vulnerability in :linux_kernel:Qualcomm (CVE-2020-11261). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2021-01-05` or later.
CVE-2018-14847 KEV [KEV] Path Traversal in Mikrotik routeros (CVE-2018-14847)
path traversal in Mikrotik routeros (CVE-2018-14847). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-37415 KEV [KEV] Vulnerability in Zoho manageengine-servicedesk-plus-sdp (CVE-2021-37415)
vulnerability in Zoho manageengine-servicedesk-plus-sdp (CVE-2021-37415). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-40438 KEV [KEV] SSRF (Server-Side Request Forgery) in apache (CVE-2021-40438)
SSRF in apache (CVE-2021-40438). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-44077 KEV [KEV] Vulnerability in Zoho manageengine-servicedesk-plus-sdp-supportcenter-plus (CVE-2021-44077)
vulnerability in Zoho manageengine-servicedesk-plus-sdp-supportcenter-plus (CVE-2021-44077). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22204 KEV [KEV] Vulnerability in Perl exiftool (CVE-2021-22204)
vulnerability in Perl exiftool (CVE-2021-22204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-40449 KEV [KEV] Use-After-Free in Microsoft windows (CVE-2021-40449)
vulnerability in Microsoft windows (CVE-2021-40449). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42321 KEV [KEV] Vulnerability in Microsoft exchange (CVE-2021-42321)
vulnerability in Microsoft exchange (CVE-2021-42321). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42292 KEV [KEV] Vulnerability in Microsoft office (CVE-2021-42292)
vulnerability in Microsoft office (CVE-2021-42292). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-11652 KEV [KEV] Path Traversal in Saltstack salt (CVE-2020-11652)
path traversal in Saltstack salt (CVE-2020-11652). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2019.2.4, 3000.2` or later.
CVE-2020-11651 KEV [KEV] Vulnerability in Saltstack salt (CVE-2020-11651)
vulnerability in Saltstack salt (CVE-2020-11651). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2019.2.4, 3000.2` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →