The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2021-33011 - All versions of the affected TOYOPUC-PC10 Series, TOYOPUC-Plus Series, TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between aff...
    Published: September 10, 2021; 8:15:07 AM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 3.3 LOW

  • CVE-2021-3645 - merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
    Published: September 10, 2021; 7:15:09 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-34344 - A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSB...
    Published: September 10, 2021; 12:15:18 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-1855 - A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon.
    Published: September 08, 2021; 11:15:11 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 6.4 MEDIUM

  • CVE-2020-21126 - MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
    Published: September 15, 2021; 1:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-21127 - MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
    Published: September 15, 2021; 1:15:09 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-37412 - The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.
    Published: September 15, 2021; 1:15:10 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-32139 - The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Published: September 13, 2021; 4:15:08 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-32138 - The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Published: September 13, 2021; 4:15:08 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-37535 - SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
    Published: September 14, 2021; 8:15:10 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-38150 - When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials....
    Published: September 14, 2021; 8:15:10 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-34343 - A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following...
    Published: September 10, 2021; 12:15:18 AM -0400

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-37532 - SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.
    Published: September 14, 2021; 8:15:10 AM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-33686 - Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.
    Published: September 14, 2021; 8:15:09 AM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-3780 - peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Published: September 15, 2021; 8:15:16 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-33688 - SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.
    Published: September 14, 2021; 8:15:09 AM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-3783 - yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Published: September 15, 2021; 8:15:16 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-39125 - Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from v...
    Published: September 14, 2021; 3:15:07 AM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-3785 - yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Published: September 15, 2021; 8:15:16 AM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2020-20672 - An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.
    Published: September 13, 2021; 6:15:10 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM