| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30665 | | | 0.12 | — | 0.03 | KEV | Sep 8, 2021 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is… |
| CVE-2021-30762 | | | 0.12 | — | 0.11 | KEV | Sep 8, 2021 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-30761 | | | 0.12 | — | 0.11 | KEV | Sep 8, 2021 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-40539 | | | 0.29 | — | 0.99 | KEV | Sep 7, 2021 | Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. |
| CVE-2021-28550 | | | 0.14 | — | 0.52 | KEV | Sep 2, 2021 | Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… |
| CVE-2021-37415 | | | 0.19 | — | 1.00 | KEV | Sep 1, 2021 | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. |
| CVE-2021-26084 | | | 0.29 | — | 1.00 | KEV | Aug 30, 2021 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version… |
| CVE-2021-32648 | | | 0.12 | — | 0.90 | KEV | Aug 26, 2021 | octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472… |
| CVE-2021-31010 | | | 0.12 | — | 0.04 | KEV | Aug 24, 2021 | A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was… |
| CVE-2021-30983 | | | 0.12 | — | 0.03 | KEV | Aug 24, 2021 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2021-30952 | | | 0.12 | — | 0.08 | KEV | Aug 24, 2021 | An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2021-30900 | | | 0.12 | — | 0.05 | KEV | Aug 24, 2021 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges. |
| CVE-2021-30883 | | | 0.12 | — | 0.15 | KEV | Aug 24, 2021 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code… |
| CVE-2021-30869 | | | 0.12 | — | 0.04 | KEV | Aug 24, 2021 | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may… |
| CVE-2021-30860 | | | 0.18 | — | 0.76 | KEV | Aug 24, 2021 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a… |
| CVE-2021-30858 | | | 0.12 | — | 0.13 | KEV | Aug 24, 2021 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been… |
| CVE-2021-39144 | | | 0.23 | — | 0.99 | KEV | Aug 23, 2021 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed… |
| CVE-2021-35394 | | | 0.20 | — | 1.00 | KEV | Aug 16, 2021 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be… |
| CVE-2021-35395 | | | 0.19 | — | 0.98 | KEV | Aug 16, 2021 | Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both… |
| CVE-2021-26086 | | | 0.23 | — | 1.00 | KEV | Aug 16, 2021 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version… |
| CVE-2021-36380 | | | 0.19 | — | 0.98 | KEV | Aug 13, 2021 | Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi. |
| CVE-2021-36948 | | | 0.12 | — | 0.20 | KEV | Aug 12, 2021 | Windows Update Medic Service Elevation of Privilege Vulnerability |
| CVE-2021-36942 | | | 0.28 | — | 0.66 | KEV | Aug 12, 2021 | Windows LSA Spoofing Vulnerability |
| CVE-2021-34486 | | | 0.15 | — | 0.07 | KEV | Aug 12, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-34484 | | | 0.12 | — | 0.14 | KEV | Aug 12, 2021 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2021-20028 | — | | 0.24 | — | 0.30 | KEV | Aug 4, 2021 | Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier |
| CVE-2021-30563 | | | 0.12 | — | 0.09 | KEV | Aug 3, 2021 | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-26085 | | | 0.29 | — | 1.00 | KEV | Aug 3, 2021 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. |
| CVE-2021-36742 | | | 0.12 | — | 0.01 | KEV | Jul 29, 2021 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to… |
| CVE-2021-36741 | | | 0.12 | — | 0.05 | KEV | Jul 29, 2021 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations. Please note: an attacker must first obtain the… |
| CVE-2021-35464 | | | 0.29 | — | 1.00 | KEV | Jul 22, 2021 | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the… |
| CVE-2021-36934 | | | 0.22 | — | 0.67 | KEV | Jul 22, 2021 | An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with… |
| CVE-2021-34448 | | | 0.12 | — | 0.31 | KEV | Jul 16, 2021 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-35211 | | | 0.26 | — | 0.91 | KEV | Jul 14, 2021 | Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File… |
| CVE-2021-34523 | | | 0.29 | — | 1.00 | KEV | Jul 14, 2021 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2021-34473 | | | 0.29 | — | 1.00 | KEV | Jul 14, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-33771 | | | 0.13 | — | 0.06 | KEV | Jul 14, 2021 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-33766 | | | 0.20 | — | 0.97 | KEV | Jul 14, 2021 | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2021-31979 | | | 0.12 | — | 0.03 | KEV | Jul 14, 2021 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-31196 | | | 0.12 | — | 0.46 | KEV | Jul 14, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-30116 | | | 0.22 | — | 0.86 | KEV | Jul 9, 2021 | Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker… |
| CVE-2021-22555 | | | 0.21 | — | 0.79 | KEV | Jul 7, 2021 | A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space |
| CVE-2021-34527 | | | 0.29 | — | 1.00 | KEV | Jul 2, 2021 | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install… |
| CVE-2021-30554 | | | 0.12 | — | 0.07 | KEV | Jul 2, 2021 | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30551 | | | 0.19 | — | 0.65 | KEV | Jun 15, 2021 | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-22175 | | | 0.18 | — | 0.53 | KEV | Jun 11, 2021 | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled |
| CVE-2021-25395 | | | 0.12 | — | 0.00 | KEV | Jun 11, 2021 | A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. |
| CVE-2021-25394 | | | 0.12 | — | 0.00 | KEV | Jun 11, 2021 | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. |
| CVE-2021-26828 | | | 0.18 | — | 0.39 | KEV | Jun 11, 2021 | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. |
| CVE-2021-26829 | | | 0.13 | — | 0.48 | KEV | Jun 11, 2021 | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. |