CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2012-0391	High	88.3%	ApacheStruts 2	The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.	Jan 21, 2022	KEV
CVE-2021-40870	High	94.2%	AviatrixAviatrix Controller	Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.	Jan 18, 2022	KEV
CVE-2021-25296	High	93.6%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-22991	High	73.1%	F5BIG-IP Traffic Management Microkernel	The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.	Jan 18, 2022	KEV
CVE-2021-21315	High	93.9%	Npm packageSystem Information Library for Node.JS	In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.	Jan 18, 2022	KEV
CVE-2020-13671	High	4.5%	DrupalDrupal core	Improper sanitization in the extension file names is present in Drupal core.	Jan 18, 2022	KEV
CVE-2021-33766	High	93.7%	MicrosoftExchange Server	Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.	Jan 18, 2022	KEV
CVE-2021-25297	High	79.9%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-21975	High	94.4%	VMwarevRealize Operations Manager API	Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.	Jan 18, 2022	KEV
CVE-2020-11978	High	94.3%	ApacheAirflow	A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.	Jan 18, 2022	KEV
CVE-2020-14864	High	94.0%	OracleIntelligence Enterprise Edition	Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.	Jan 18, 2022	KEV
CVE-2021-25298	High	75.5%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-32648	High	93.1%	October CMSOctober CMS	In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.	Jan 18, 2022	KEV
CVE-2020-13927	High	94.1%	ApacheAirflow's Experimental API	The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.	Jan 18, 2022	KEV
CVE-2019-1458	High	91.9%	MicrosoftWin32k	A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.	Jan 10, 2022	KEV
CVE-2020-6572	High	19.1%	GoogleChrome Media	Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.	Jan 10, 2022	KEV
CVE-2013-3900	High	80.2%	MicrosoftWinVerifyTrust function	A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.	Jan 10, 2022	KEV
CVE-2019-10149	High	94.0%	EximMail Transfer Agent (MTA)	Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.	Jan 10, 2022	KEV
CVE-2015-7450	High	93.5%	IBMWebSphere Application Server and Server Hypervisor Edition	Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands	Jan 10, 2022	KEV
CVE-2018-13382	High	86.1%	FortinetFortiOS and FortiProxy	An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.	Jan 10, 2022	KEV

CVE-2012-0391KEV

High

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.

ApacheEPSS 88.3%

CVE-2021-40870KEV

High

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

AviatrixEPSS 94.2%

CVE-2021-25296KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 93.6%

CVE-2021-22991KEV

High

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.

F5EPSS 73.1%

CVE-2021-21315KEV

High

In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.

Npm packageEPSS 93.9%

CVE-2020-13671KEV

High

Improper sanitization in the extension file names is present in Drupal core.

DrupalEPSS 4.5%

CVE-2021-33766KEV

High

Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.

MicrosoftEPSS 93.7%

CVE-2021-25297KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 79.9%

CVE-2021-21975KEV

High

Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

VMwareEPSS 94.4%

CVE-2020-11978KEV

High

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.

ApacheEPSS 94.3%

CVE-2020-14864KEV

High

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.

OracleEPSS 94.0%

CVE-2021-25298KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 75.5%

CVE-2021-32648KEV

High

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

October CMSEPSS 93.1%

CVE-2020-13927KEV

High

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

ApacheEPSS 94.1%

CVE-2019-1458KEV

High

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.

MicrosoftEPSS 91.9%

CVE-2020-6572KEV

High

Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.

GoogleEPSS 19.1%

CVE-2013-3900KEV

High

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

MicrosoftEPSS 80.2%

CVE-2019-10149KEV

High

Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

EximEPSS 94.0%

CVE-2015-7450KEV

High

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands

IBMEPSS 93.5%

CVE-2018-13382KEV

High

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

FortinetEPSS 86.1%

61 62 63 64 65 66 67