Vulmon
vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-27731
Accellion FTA 9_12_432 and previous versions is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.
Accellion Fta
5.4
CVSSv3
CVE-2021-27733
In JetBrains YouTrack prior to 2020.6.6441, stored XSS was possible via an issue attachment.
9.8
CVSSv3
CVE-2021-27734
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 up to and including 08.5.xx and HiSecOS 03.3.00 up to and including 03.5.01 allow remote malicious users to change the credentials of existing users.
Belden Hirschmann Hios
Belden Hisecos
Belden Hirschmann Hios 07.1.02
Belden Hirschmann Hios 07.1.01
6.5
CVSSv3
CVE-2021-27736
FusionAuth fusionauth-samlv2 prior to 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
2 GitHub repositories
7.5
CVSSv3
CVE-2021-27737
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.
Apache Traffic Server 9.0.0
9.1
CVSSv3
CVE-2021-27741
"Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"
Hcltechsw Hcl Commerce
5.5
CVSSv3
CVE-2021-27753
"Sametime Android PathTraversal Vulnerability"
Hcltech Hcl Sametime
7.5
CVSSv3
CVE-2021-27756
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
Hcltech Bigfix Compliance
7.5
CVSSv3
CVE-2021-27757
"Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive inf...
Hcltech Bigfix Insights
6.5
CVSSv3
CVE-2021-27759
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.
Hcltech Bigfix Inventory