Recent 01/14/2021


The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

09:51 PM4.34.3Apache Tomcat NTFS File System File.getCanonicalPath information disclosure$5k-$25k$5k-$25kNot DefinedNot Defined3.31CVE-2021-24122
09:50 PM5.55.5XMLBeans XML Parser xml external entity reference$0-$5k$0-$5kNot DefinedNot Defined0.59CVE-2021-23926
09:49 PM3.53.5ZTE ZXV10 B860A Log information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.55CVE-2021-21722
09:48 PM5.35.3acmailer/acmailer DB improper authentication$0-$5k$0-$5kNot DefinedNot Defined0.34CVE-2021-20618
09:48 PM6.36.3acmailer/acmailer DB access control$0-$5k$0-$5kNot DefinedNot Defined0.51CVE-2021-20617
09:47 PM2.42.4Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.38CVE-2020-6777
09:46 PM4.34.3Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross-site request forgery$0-$5k$0-$5kNot DefinedNot Defined0.34CVE-2020-6776
09:46 PM3.53.5SimplCommerce Bootbox.js html cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.42CVE-2020-29587
09:44 PM7.37.3Fortinet FortiWeb httpd stack-based overflow$0-$5k$0-$5kNot DefinedOfficial Fix1.61CVE-2020-29019
09:43 PM6.36.3Fortinet FortiWeb format string$0-$5k$0-$5kNot DefinedNot Defined1.44CVE-2020-29018
09:43 PM6.36.3Fortinet FortiDeceptor Customization Page os command injection$0-$5k$0-$5kNot DefinedNot Defined1.57CVE-2020-29017
09:42 PM7.37.3Fortinet FortiWeb Request stack-based overflow$0-$5k$0-$5kNot DefinedOfficial Fix1.40CVE-2020-29016
09:40 PM5.65.6Fortinet FortiWeb Authorization Header sql injection$0-$5k$0-$5kNot DefinedOfficial Fix1.61CVE-2020-29015
09:39 PM6.36.3scullyio scully HTML Page JSON.stringify state issue$0-$5k$0-$5kNot DefinedOfficial Fix0.87CVE-2020-28470
09:37 PM3.53.5TOTOLINK A702R Directory Indexing information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.60CVE-2020-27368
09:34 PM3.53.5Skyworth GN542VF Configuration Page cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.42CVE-2020-26733
09:33 PM3.73.7Skyworth GN542VF Boa Session Cookie missing secure attribute$0-$5k$0-$5kNot DefinedNot Defined0.33CVE-2020-26732
01:40 PM6.36.3Open-iSCSI tcmu-runner tcmur_cmd_handler.c xcopy_locate_udev pathname traversal$0-$5k$0-$5kNot DefinedOfficial Fix0.42CVE-2021-3139
01:39 PM6.36.3Discourse 2FA improper authentication$0-$5k$0-$5kNot DefinedNot Defined0.55CVE-2021-3138
01:38 PM4.34.31C:Enterprise URL Parameter information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.29CVE-2021-3131
01:38 PM2.72.7Palo-Alto PAN-OS log file$0-$5k$0-$5kNot DefinedOfficial Fix0.20CVE-2021-3032
01:36 PM4.34.3Palo-Alto PAN OS Ethernet Packet information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.20CVE-2021-3031
01:35 PM5.55.5git-big-picture Branch Name unknown vulnerability$0-$5k$0-$5kNot DefinedOfficial Fix0.56CVE-2021-3028
01:34 PM3.53.5OWASP json-sanitizer JSON denial of service$0-$5k$0-$5kNot DefinedOfficial Fix0.50CVE-2021-23900
01:34 PM3.53.5OWASP json-sanitizer Script Tag cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.25CVE-2021-23899
01:33 PM3.53.5Bumblebee HP ALM Plugin Configuration File credentials storage$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-21614
01:32 PM3.53.5TICS Plugin cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.16CVE-2021-21613
01:32 PM3.53.5TraceTronic ECU-TEST Plugin Configuration File credentials storage$0-$5k$0-$5kNot DefinedNot Defined0.58CVE-2021-21612
01:32 PM3.53.5Jenkins Display Name cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-21611
01:31 PM3.53.5Jenkins Markup cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.18CVE-2021-21610
01:31 PM5.55.5Jenkins URL handler authorization$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-21609
01:30 PM3.53.5Jenkins cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.75CVE-2021-21608
01:30 PM3.53.5Jenkins URL memory allocation$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-21607
01:29 PM3.53.5Jenkins XML File information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-21606
01:23 PM5.55.5Jenkins Agent config.xml permission$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-21605
01:22 PM5.55.5Jenkins Old Data Monitor deserialization$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-21604
01:22 PM3.53.5Jenkins Notification Bar cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2021-21603
01:21 PM5.55.5Jenkins File Browser link following$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-21602
01:20 PM5.35.3jQuery Validation Plugin resource consumption$0-$5k$0-$5kNot DefinedOfficial Fix0.17CVE-2021-21252
01:19 PM6.36.3Adobe Bridge TTF File out-of-bounds write$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-21013
01:19 PM6.36.3Adobe Bridge TTF File out-of-bounds write$5k-$25k$0-$5kNot DefinedOfficial Fix0.22CVE-2021-21012
01:18 PM5.35.3Adobe Captivate 2019 uncontrolled search path$0-$5k$0-$5kNot DefinedOfficial Fix0.12CVE-2021-21011
01:18 PM5.35.3Adobe InCopy uncontrolled search path$0-$5k$0-$5kNot DefinedOfficial Fix0.12CVE-2021-21010
01:17 PM5.35.3Adobe Campaign Classic server-side request forgery$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2021-21009
01:16 PM5.35.3Adobe Animate uncontrolled search path$0-$5k$0-$5kNot DefinedOfficial Fix0.12CVE-2021-21008
01:16 PM5.35.3Adobe Illustrator uncontrolled search path$0-$5k$0-$5kNot DefinedOfficial Fix0.23CVE-2021-21007
01:15 PM6.36.3Adobe Photoshop Font File heap-based overflow$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-21006
12:43 PM7.27.2Cisco Small Business Web-based Management Interface stack-based overflow$5k-$25k$5k-$25kNot DefinedWorkaround0.04CVE-2021-1360
12:43 PM3.13.1Cisco WebEx Meetings/WebEx Meetings Server Host Key excessive authentication$5k-$25k$0-$5kNot DefinedOfficial Fix0.09CVE-2021-1311
12:42 PM6.36.3Cisco Webex Meetings Web-based Management Interface redirect$5k-$25k$0-$5kNot DefinedOfficial Fix0.12CVE-2021-1310

Do you want to use VulDB in your project?

Use the official API to access entries easily!