| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28826 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2021 | The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low… | ||
| CVE-2021-28825 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2021 | The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low… | ||
| CVE-2021-27259 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific… | ||
| CVE-2021-27253 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists… | ||
| CVE-2021-27252 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific… | ||
| CVE-2021-27251 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from… | ||
| CVE-2021-27249 | Hig | 0.58 | 8.8 | 0.05 | Apr 14, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI… | ||
| CVE-2021-27248 | Hig | 0.57 | 8.8 | 0.03 | Apr 14, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI… | ||
| CVE-2021-27246 | Hig | 0.53 | 8.0 | 0.07 | Apr 14, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the… | ||
| CVE-2021-28098 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2021 | An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has… | ||
| CVE-2021-27608 | Hig | 0.49 | 7.5 | 0.00 | Apr 14, 2021 | An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability. | ||
| CVE-2021-25314 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2021 | A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue… | ||
| CVE-2021-31152 | Hig | 0.61 | 8.8 | 0.04 | Apr 14, 2021 | Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. | ||
| CVE-2021-27990 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2021 | Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. | ||
| CVE-2021-26827 | Hig | 0.49 | 7.5 | 0.02 | Apr 14, 2021 | Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router. | ||
| CVE-2020-36120 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2021 | Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). | ||
| CVE-2021-22879 | Hig | 0.00 | 8.8 | 0.05 | Apr 14, 2021 | Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. | ||
| CVE-2020-36323 | Hig | 0.46 | 8.2 | 0.02 | Apr 14, 2021 | In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. | ||
| CVE-2021-3460 | Hig | 0.53 | 8.1 | 0.01 | Apr 13, 2021 | The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker. | ||
| CVE-2021-29440 | Hig | 0.60 | 8.4 | 0.31 | Apr 13, 2021 | Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate… | ||
| CVE-2021-29439 | Hig | 0.00 | 7.2 | 0.03 | Apr 13, 2021 | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary… | ||
| CVE-2021-29437 | Hig | 0.00 | 8.0 | 0.01 | Apr 13, 2021 | ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site… | ||
| CVE-2021-29435 | Hig | 0.46 | 8.1 | 0.01 | Apr 13, 2021 | trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session.… | ||
| CVE-2021-29428 | Hig | 0.00 | 8.8 | 0.01 | Apr 13, 2021 | In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly… | ||
| CVE-2021-29427 | Hig | 0.52 | 8.0 | 0.01 | Apr 13, 2021 | In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve… | ||
| CVE-2021-28482 | Hig | 0.64 | 8.8 | 0.83 | Apr 13, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2021-28477 | Hig | 0.46 | 7.0 | 0.02 | Apr 13, 2021 | Visual Studio Code Remote Code Execution Vulnerability | ||
| CVE-2021-28475 | Hig | 0.51 | 7.8 | 0.03 | Apr 13, 2021 | Visual Studio Code Remote Code Execution Vulnerability | ||
| CVE-2021-28473 | Hig | 0.51 | 7.8 | 0.03 | Apr 13, 2021 | Visual Studio Code Remote Code Execution Vulnerability | ||
| CVE-2021-28472 | Hig | 0.56 | 7.8 | 0.63 | Apr 13, 2021 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | ||
| CVE-2021-28471 | Hig | 0.51 | 7.8 | 0.04 | Apr 13, 2021 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | ||
| CVE-2021-28470 | Hig | 0.51 | 7.8 | 0.02 | Apr 13, 2021 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | ||
| CVE-2021-28469 | Hig | 0.51 | 7.8 | 0.03 | Apr 13, 2021 | Visual Studio Code Remote Code Execution Vulnerability | ||
| CVE-2021-28468 | Hig | 0.51 | 7.8 | 0.06 | Apr 13, 2021 | Raw Image Extension Remote Code Execution Vulnerability | ||
| CVE-2021-28466 | Hig | 0.51 | 7.8 | 0.02 | Apr 13, 2021 | Raw Image Extension Remote Code Execution Vulnerability | ||
| CVE-2021-28464 | Hig | 0.51 | 7.8 | 0.02 | Apr 13, 2021 | VP9 Video Extensions Remote Code Execution Vulnerability | ||
| CVE-2021-28460 | Hig | 0.53 | 8.1 | 0.00 | Apr 13, 2021 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2021-28458 | Hig | 0.44 | 7.8 | 0.02 | Apr 13, 2021 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | ||
| CVE-2021-28457 | Hig | 0.51 | 7.8 | 0.03 | Apr 13, 2021 | Visual Studio Code Remote Code Execution Vulnerability | ||
| CVE-2021-28454 | Hig | 0.51 | 7.8 | 0.03 | Apr 13, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-28453 | Hig | 0.51 | 7.8 | 0.04 | Apr 13, 2021 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2021-28452 | Hig | 0.46 | 7.1 | 0.01 | Apr 13, 2021 | Microsoft Outlook Memory Corruption Vulnerability | ||
| CVE-2021-28451 | Hig | 0.51 | 7.8 | 0.02 | Apr 13, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-28449 | Hig | 0.51 | 7.8 | 0.02 | Apr 13, 2021 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2021-28448 | Hig | 0.51 | 7.8 | 0.02 | Apr 13, 2021 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | ||
| CVE-2021-28446 | Hig | 0.46 | 7.1 | 0.01 | Apr 13, 2021 | Windows Portmapping Information Disclosure Vulnerability | ||
| CVE-2021-28445 | Hig | 0.53 | 8.1 | 0.03 | Apr 13, 2021 | Windows Network File System Remote Code Execution Vulnerability | ||
| CVE-2021-28440 | Hig | 0.46 | 7.0 | 0.01 | Apr 13, 2021 | Windows Installer Elevation of Privilege Vulnerability | ||
| CVE-2021-28439 | Hig | 0.49 | 7.5 | 0.06 | Apr 13, 2021 | Windows TCP/IP Driver Denial of Service Vulnerability | ||
| CVE-2021-28436 | Hig | 0.51 | 7.8 | 0.01 | Apr 13, 2021 | Windows Speech Runtime Elevation of Privilege Vulnerability |
- risk 0.57cvss 8.8epss 0.00
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low…
- risk 0.57cvss 8.8epss 0.00
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low…
- risk 0.51cvss 7.8epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- risk 0.57cvss 8.8epss 0.01
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…
- risk 0.57cvss 8.8epss 0.01
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific…
- risk 0.57cvss 8.8epss 0.01
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from…
- risk 0.58cvss 8.8epss 0.05
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI…
- risk 0.57cvss 8.8epss 0.03
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI…
- risk 0.53cvss 8.0epss 0.07
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the…
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has…
- risk 0.49cvss 7.5epss 0.00
An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.
- risk 0.51cvss 7.8epss 0.00
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue…
- risk 0.61cvss 8.8epss 0.04
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.
- risk 0.49cvss 7.5epss 0.01
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.
- risk 0.49cvss 7.5epss 0.02
Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router.
- risk 0.49cvss 7.5epss 0.01
Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
- risk 0.00cvss 8.8epss 0.05
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
- risk 0.46cvss 8.2epss 0.02
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
- risk 0.53cvss 8.1epss 0.01
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
- risk 0.60cvss 8.4epss 0.31
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate…
- risk 0.00cvss 7.2epss 0.03
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary…
- risk 0.00cvss 8.0epss 0.01
ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site…
- risk 0.46cvss 8.1epss 0.01
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session.…
- risk 0.00cvss 8.8epss 0.01
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly…
- risk 0.52cvss 8.0epss 0.01
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve…
- risk 0.64cvss 8.8epss 0.83
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.46cvss 7.0epss 0.02
Visual Studio Code Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Visual Studio Code Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Visual Studio Code Remote Code Execution Vulnerability
- risk 0.56cvss 7.8epss 0.63
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.04
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Visual Studio Code Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.06
Raw Image Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Raw Image Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
VP9 Video Extensions Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.00
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.44cvss 7.8epss 0.02
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.03
Visual Studio Code Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.04
Microsoft Word Remote Code Execution Vulnerability
- risk 0.46cvss 7.1epss 0.01
Microsoft Outlook Memory Corruption Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Office Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
- risk 0.46cvss 7.1epss 0.01
Windows Portmapping Information Disclosure Vulnerability
- risk 0.53cvss 8.1epss 0.03
Windows Network File System Remote Code Execution Vulnerability
- risk 0.46cvss 7.0epss 0.01
Windows Installer Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.06
Windows TCP/IP Driver Denial of Service Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Speech Runtime Elevation of Privilege Vulnerability