CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-0787	High	60.8%	MicrosoftWindows	Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.	Jan 28, 2022	KEV
CVE-2014-6271	High	94.2%	GNUBourne-Again Shell (Bash)	GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.	Jan 28, 2022	KEV
CVE-2012-0391	High	88.3%	ApacheStruts 2	The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.	Jan 21, 2022	KEV
CVE-2021-35247	High	3.0%	SolarWindsServ-U	SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.	Jan 21, 2022	KEV
CVE-2018-8453	High	78.2%	MicrosoftWin32k	Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.	Jan 21, 2022	KEV
CVE-2006-1547	High	15.4%	ApacheStruts 1	ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).	Jan 21, 2022	KEV
CVE-2021-25297	High	79.9%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-25296	High	93.6%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-32648	High	93.1%	October CMSOctober CMS	In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.	Jan 18, 2022	KEV
CVE-2021-21975	High	94.4%	VMwarevRealize Operations Manager API	Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.	Jan 18, 2022	KEV
CVE-2021-33766	High	93.7%	MicrosoftExchange Server	Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.	Jan 18, 2022	KEV
CVE-2020-13671	High	4.5%	DrupalDrupal core	Improper sanitization in the extension file names is present in Drupal core.	Jan 18, 2022	KEV
CVE-2021-21315	High	93.9%	Npm packageSystem Information Library for Node.JS	In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.	Jan 18, 2022	KEV
CVE-2021-22991	High	73.1%	F5BIG-IP Traffic Management Microkernel	The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.	Jan 18, 2022	KEV
CVE-2021-25298	High	75.5%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2020-14864	High	94.0%	OracleIntelligence Enterprise Edition	Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.	Jan 18, 2022	KEV
CVE-2020-11978	High	94.3%	ApacheAirflow	A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.	Jan 18, 2022	KEV
CVE-2021-40870	High	94.2%	AviatrixAviatrix Controller	Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.	Jan 18, 2022	KEV
CVE-2020-13927	High	94.1%	ApacheAirflow's Experimental API	The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.	Jan 18, 2022	KEV
CVE-2019-10149	High	94.0%	EximMail Transfer Agent (MTA)	Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.	Jan 10, 2022	KEV

CVE-2020-0787KEV

High

Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.

MicrosoftEPSS 60.8%

CVE-2014-6271KEV

High

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.

GNUEPSS 94.2%

CVE-2012-0391KEV

High

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.

ApacheEPSS 88.3%

CVE-2021-35247KEV

High

SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.

SolarWindsEPSS 3.0%

CVE-2018-8453KEV

High

Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.

MicrosoftEPSS 78.2%

CVE-2006-1547KEV

High

ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).

ApacheEPSS 15.4%

CVE-2021-25297KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 79.9%

CVE-2021-25296KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 93.6%

CVE-2021-32648KEV

High

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

October CMSEPSS 93.1%

CVE-2021-21975KEV

High

Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

VMwareEPSS 94.4%

CVE-2021-33766KEV

High

Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.

MicrosoftEPSS 93.7%

CVE-2020-13671KEV

High

Improper sanitization in the extension file names is present in Drupal core.

DrupalEPSS 4.5%

CVE-2021-21315KEV

High

In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.

Npm packageEPSS 93.9%

CVE-2021-22991KEV

High

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.

F5EPSS 73.1%

CVE-2021-25298KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 75.5%

CVE-2020-14864KEV

High

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.

OracleEPSS 94.0%

CVE-2020-11978KEV

High

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.

ApacheEPSS 94.3%

CVE-2021-40870KEV

High

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

AviatrixEPSS 94.2%

CVE-2020-13927KEV

High

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

ApacheEPSS 94.1%

CVE-2019-10149KEV

High

Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

EximEPSS 94.0%

60 61 62 63 64 65 66