Vulnerabilities (CVE)

Total 172421 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41342 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2021-10-19 6.8 MEDIUM 8.8 HIGH
Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-41340 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2021-10-19 6.8 MEDIUM 7.8 HIGH
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-33988 2021-10-19 N/A N/A
A Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form.
CVE-2021-24719 1 Kriesi 1 Enfold 2021-10-19 4.3 MEDIUM 6.1 MEDIUM
The Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions earlier than 4.8.4 which use Avia Page Builder.
CVE-2021-41382 1 Plasticscm 1 Plastic Scm 2021-10-19 5.0 MEDIUM 7.5 HIGH
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
CVE-2021-41339 1 Microsoft 4 Windows 10, Windows 11, Windows Server 2016 and 1 more 2021-10-19 4.6 MEDIUM 7.8 HIGH
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-41338 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2021-10-19 2.1 LOW 5.5 MEDIUM
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
CVE-2021-41337 1 Microsoft 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 2021-10-19 4.0 MEDIUM 4.9 MEDIUM
Active Directory Security Feature Bypass Vulnerability
CVE-2021-38911 2021-10-19 N/A N/A
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.
CVE-2021-29912 2021-10-19 N/A N/A
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.
CVE-2020-12141 2021-10-19 N/A N/A
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.
CVE-2021-41336 1 Microsoft 2 Windows 11, Windows Server 2022 2021-10-19 2.1 LOW 5.5 MEDIUM
Windows Kernel Information Disclosure Vulnerability
CVE-2021-41335 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-10-19 7.2 HIGH 7.8 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-41334 1 Microsoft 4 Windows 10, Windows 11, Windows Server 2016 and 1 more 2021-10-19 4.6 MEDIUM 7.8 HIGH
Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-20125 1 Draytek 1 Vigorconnect 2021-10-19 10.0 HIGH 9.8 CRITICAL
An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges.
CVE-2021-41332 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2021-10-19 4.0 MEDIUM 6.5 MEDIUM
Windows Print Spooler Information Disclosure Vulnerability
CVE-2021-22949 1 Concretecms 1 Concrete Cms 2021-10-19 5.8 MEDIUM 5.4 MEDIUM
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team"
CVE-2021-20124 1 Draytek 1 Vigorconnect 2021-10-19 7.8 HIGH 7.5 HIGH
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
CVE-2021-22953 1 Concretecms 1 Concrete Cms 2021-10-19 5.8 MEDIUM 5.4 MEDIUM
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"
CVE-2021-20123 1 Draytek 1 Vigorconnect 2021-10-19 7.8 HIGH 7.5 HIGH
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.