Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2021-4104 Unsafe Deserialization in apache (CVE-2021-4104)
vulnerability in apache (CVE-2021-4104). Successful exploitation can lead to full system takeover.
CVE-2021-44515 KEV [KEV] Vulnerability in Zoho desktop-central (CVE-2021-44515)
vulnerability in Zoho desktop-central (CVE-2021-44515). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-13272 KEV [KEV] Privilege Escalation in Linux kernel (CVE-2019-13272)
vulnerability in Linux kernel (CVE-2019-13272). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-35394 KEV [KEV] OS Command Injection in Realtek jungle-software-development-kit-sdk (CVE-2021-35394)
OS command injection in Realtek jungle-software-development-kit-sdk (CVE-2021-35394). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-7238 KEV [KEV] Vulnerability in Sonatype nexus-repository-manager (CVE-2019-7238)
vulnerability in Sonatype nexus-repository-manager (CVE-2019-7238). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-0193 KEV [KEV] Code Injection in Apache solr (CVE-2019-0193)
code injection in Apache solr (CVE-2019-0193). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-44168 KEV [KEV] Vulnerability in Fortinet fortios (CVE-2021-44168)
vulnerability in Fortinet fortios (CVE-2021-44168). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-17562 KEV [KEV] Vulnerability in Embedthis goahead (CVE-2017-17562)
vulnerability in Embedthis goahead (CVE-2017-17562). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-12149 KEV [KEV] Unsafe Deserialization in Red hat red-hat (CVE-2017-12149)
vulnerability in Red hat red-hat (CVE-2017-12149). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2010-1871 KEV [KEV] Vulnerability in Red hat red-hat (CVE-2010-1871)
vulnerability in Red hat red-hat (CVE-2010-1871). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-17463 KEV [KEV] SQL Injection in Fuel cms fuel-cms (CVE-2020-17463)
SQL injection in Fuel cms fuel-cms (CVE-2020-17463). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-8816 KEV [KEV] OS Command Injection in Pi-hole adminlte (CVE-2020-8816)
OS command injection in Pi-hole adminlte (CVE-2020-8816). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-10758 KEV [KEV] Vulnerability in Mongodb mongo-express (CVE-2019-10758)
vulnerability in Mongodb mongo-express (CVE-2019-10758). Risk of unauthorized operations or information disclosure. Exploitable via ``toBSON``. Listed in CISA KEV — actively exploited.
CVE-2021-44228 KEV [KEV] Vulnerability in Apache log4j2 (CVE-2021-44228)
vulnerability in Apache log4j2 (CVE-2021-44228). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-41449 Path Traversal in path-traversal (CVE-2021-41449)
path traversal in path-traversal (CVE-2021-41449). Confidential information can be exposed externally.
CVE-2021-41450 Vulnerability in dos (CVE-2021-41450)
vulnerability in dos (CVE-2021-41450). Risk of unauthorized operations or information disclosure.
CVE-2021-44149 An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resu...
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operat...
CVE-2021-36133 Vulnerability in trustedfirmware (CVE-2021-36133)
vulnerability in trustedfirmware (CVE-2021-36133). Confidential information can be exposed externally.
CVE-2021-4019 vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
CVE-2020-11261 KEV [KEV] Vulnerability in :linux_kernel:Qualcomm (CVE-2020-11261)
vulnerability in :linux_kernel:Qualcomm (CVE-2020-11261). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2021-01-05` or later.
CVE-2018-14847 KEV [KEV] Path Traversal in Mikrotik routeros (CVE-2018-14847)
path traversal in Mikrotik routeros (CVE-2018-14847). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-37415 KEV [KEV] Vulnerability in Zoho manageengine-servicedesk-plus-sdp (CVE-2021-37415)
vulnerability in Zoho manageengine-servicedesk-plus-sdp (CVE-2021-37415). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-40438 KEV [KEV] SSRF (Server-Side Request Forgery) in apache (CVE-2021-40438)
SSRF in apache (CVE-2021-40438). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-44077 KEV [KEV] Vulnerability in Zoho manageengine-servicedesk-plus-sdp-supportcenter-plus (CVE-2021-44077)
vulnerability in Zoho manageengine-servicedesk-plus-sdp-supportcenter-plus (CVE-2021-44077). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-41436 Vulnerability in dos (CVE-2021-41436)
vulnerability in dos (CVE-2021-41436). Risk of unauthorized operations or information disclosure.
CVE-2021-22204 KEV [KEV] Vulnerability in Perl exiftool (CVE-2021-22204)
vulnerability in Perl exiftool (CVE-2021-22204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-40449 KEV [KEV] Use-After-Free in Microsoft windows (CVE-2021-40449)
vulnerability in Microsoft windows (CVE-2021-40449). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42321 KEV [KEV] Vulnerability in Microsoft exchange (CVE-2021-42321)
vulnerability in Microsoft exchange (CVE-2021-42321). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42292 KEV [KEV] Vulnerability in Microsoft office (CVE-2021-42292)
vulnerability in Microsoft office (CVE-2021-42292). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42296 Microsoft Word Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-22893 KEV [KEV] Authentication Bypass in Ivanti pulse-connect-secure (CVE-2021-22893)
authentication bypass in Ivanti pulse-connect-secure (CVE-2021-22893). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-8243 KEV [KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2020-8243)
code injection in Ivanti pulse-connect-secure (CVE-2020-8243). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22900 KEV [KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2021-22900)
code injection in Ivanti pulse-connect-secure (CVE-2021-22900). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22894 KEV [KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2021-22894)
code injection in Ivanti pulse-connect-secure (CVE-2021-22894). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-8260 KEV [KEV] Unrestricted File Upload in Ivanti pulse-connect-secure (CVE-2020-8260)
vulnerability in Ivanti pulse-connect-secure (CVE-2020-8260). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22899 KEV [KEV] Command Injection in Ivanti pulse-connect-secure (CVE-2021-22899)
command injection in Ivanti pulse-connect-secure (CVE-2021-22899). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-11510 KEV [KEV] Path Traversal in Ivanti pulse-connect-secure (CVE-2019-11510)
path traversal in Ivanti pulse-connect-secure (CVE-2019-11510). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-11539 KEV [KEV] OS Command Injection in Ivanti pulse-connect-secure-and-pulse-policy-secure (CVE-2019-11539)
OS command injection in Ivanti pulse-connect-secure-and-pulse-policy-secure (CVE-2019-11539). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-1906 KEV [KEV] Vulnerability in :linux_kernel:Qualcomm (CVE-2021-1906)
vulnerability in :linux_kernel:Qualcomm (CVE-2021-1906). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2021-05-05` or later.
CVE-2021-1905 KEV [KEV] Use-After-Free in :linux_kernel:Qualcomm (CVE-2021-1905)
vulnerability in :linux_kernel:Qualcomm (CVE-2021-1905). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2021-05-05` or later.
CVE-2020-10221 KEV [KEV] OS Command Injection in rconfig (CVE-2020-10221)
OS command injection in rconfig (CVE-2020-10221). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-35395 KEV [KEV] Vulnerability in Realtek ap-router-sdk (CVE-2021-35395)
vulnerability in Realtek ap-router-sdk (CVE-2021-35395). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-16651 KEV [KEV] Vulnerability in roundcube (CVE-2017-16651)
vulnerability in roundcube (CVE-2017-16651). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-11652 KEV [KEV] Path Traversal in Saltstack salt (CVE-2020-11652)
path traversal in Saltstack salt (CVE-2020-11652). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2019.2.4, 3000.2` or later.
CVE-2020-11651 KEV [KEV] Vulnerability in Saltstack salt (CVE-2020-11651)
vulnerability in Saltstack salt (CVE-2020-11651). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2019.2.4, 3000.2` or later.
CVE-2020-16846 KEV [KEV] OS Command Injection in Saltstack salt (CVE-2020-16846)
OS command injection in Saltstack salt (CVE-2020-16846). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5, 2019.2.5, 3000.3` or later.
CVE-2018-2380 KEV [KEV] Path Traversal in Sap customer-relationship-management-crm (CVE-2018-2380)
path traversal in Sap customer-relationship-management-crm (CVE-2018-2380). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2010-5326 KEV [KEV] Vulnerability in Sap netweaver (CVE-2010-5326)
vulnerability in Sap netweaver (CVE-2010-5326). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-9563 KEV [KEV] XXE (XML External Entity) in Sap netweaver (CVE-2016-9563)
vulnerability in Sap netweaver (CVE-2016-9563). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-6287 KEV [KEV] Vulnerability in Sap netweaver (CVE-2020-6287)
vulnerability in Sap netweaver (CVE-2020-6287). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →