CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2006-1547	High	15.4%	ApacheStruts 1	ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).	Jan 21, 2022	KEV
CVE-2012-0391	High	88.3%	ApacheStruts 2	The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.	Jan 21, 2022	KEV
CVE-2021-35247	High	3.0%	SolarWindsServ-U	SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.	Jan 21, 2022	KEV
CVE-2021-22991	High	73.1%	F5BIG-IP Traffic Management Microkernel	The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.	Jan 18, 2022	KEV
CVE-2021-25297	High	79.9%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-21315	High	93.9%	Npm packageSystem Information Library for Node.JS	In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.	Jan 18, 2022	KEV
CVE-2021-25298	High	75.5%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-32648	High	93.1%	October CMSOctober CMS	In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.	Jan 18, 2022	KEV
CVE-2021-40870	High	94.2%	AviatrixAviatrix Controller	Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.	Jan 18, 2022	KEV
CVE-2020-14864	High	94.0%	OracleIntelligence Enterprise Edition	Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.	Jan 18, 2022	KEV
CVE-2020-13671	High	4.5%	DrupalDrupal core	Improper sanitization in the extension file names is present in Drupal core.	Jan 18, 2022	KEV
CVE-2021-25296	High	93.6%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2020-11978	High	94.3%	ApacheAirflow	A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.	Jan 18, 2022	KEV
CVE-2021-33766	High	93.7%	MicrosoftExchange Server	Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.	Jan 18, 2022	KEV
CVE-2021-21975	High	94.4%	VMwarevRealize Operations Manager API	Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.	Jan 18, 2022	KEV
CVE-2020-13927	High	94.1%	ApacheAirflow's Experimental API	The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.	Jan 18, 2022	KEV
CVE-2019-7609	High	94.4%	ElasticKibana	Kibana contain an arbitrary code execution flaw in the Timelion visualizer.	Jan 10, 2022	KEV
CVE-2017-1000486	High	93.7%	PrimetekPrimefaces Application	Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution	Jan 10, 2022	KEV
CVE-2019-9670	High 9.8	94.4%	SynacorZimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.	Jan 10, 2022	KEVExploit
CVE-2021-27860	High	42.6%	FatPipeWARP, IPVPN, and MPVPN software	A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.	Jan 10, 2022	KEV

CVE-2006-1547KEV

High

ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).

ApacheEPSS 15.4%

CVE-2012-0391KEV

High

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.

ApacheEPSS 88.3%

CVE-2021-35247KEV

High

SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.

SolarWindsEPSS 3.0%

CVE-2021-22991KEV

High

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.

F5EPSS 73.1%

CVE-2021-25297KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 79.9%

CVE-2021-21315KEV

High

In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.

Npm packageEPSS 93.9%

CVE-2021-25298KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 75.5%

CVE-2021-32648KEV

High

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

October CMSEPSS 93.1%

CVE-2021-40870KEV

High

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

AviatrixEPSS 94.2%

CVE-2020-14864KEV

High

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.

OracleEPSS 94.0%

CVE-2020-13671KEV

High

Improper sanitization in the extension file names is present in Drupal core.

DrupalEPSS 4.5%

CVE-2021-25296KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 93.6%

CVE-2020-11978KEV

High

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.

ApacheEPSS 94.3%

CVE-2021-33766KEV

High

Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.

MicrosoftEPSS 93.7%

CVE-2021-21975KEV

High

Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

VMwareEPSS 94.4%

CVE-2020-13927KEV

High

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

ApacheEPSS 94.1%

CVE-2019-7609KEV

High

Kibana contain an arbitrary code execution flaw in the Timelion visualizer.

ElasticEPSS 94.4%

CVE-2017-1000486KEV

High

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

PrimetekEPSS 93.7%

CVE-2019-9670KEV

High

Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.

SynacorCVSS 9.8EPSS 94.4%

Exploit

CVE-2021-27860KEV

High

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

FatPipeEPSS 42.6%

58 59 60 61 62 63 64