Recent 02/05/2021

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

CreatedBaseTempVulnerability0dayTodayExpRemCTICVE
20:225.95.9Gitea denial of service$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-3382
20:214.44.4Question2Answer Q2A Ultimate SEO cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-3258
20:194.74.7IBM PowerHA Discovery information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-4832
20:194.84.8typora cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-18737
20:184.84.8Opmantek Open-AudIT SQL Statement cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-3333
20:177.77.4October CMS Manager.php improper authentication$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-3311
20:165.85.8Redwood Report2Web default.htm injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-26711
20:154.84.8Redwood Report2Web signIn.do cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.09CVE-2021-26710
20:146.05.7Linux Kernel VSOCK af_vsock.c race condition$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.16CVE-2021-26708
20:136.16.1Name Directory Plugin cross-site request forgery$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-20652
20:129.38.9Panasonic Video Insight VMS code injection$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-20623
20:124.44.2Electric Coin Company Zcashd Time Offset information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-8807
20:116.26.0Electric Coin Company Zcashd Timestamp authorization$0-$5k$0-$5kNot DefinedOfficial Fix0.09CVE-2020-8806
20:105.55.5GNOME gnome-autoar Extraction autoar-extractor.c pathname traversal$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-36241
20:097.57.5Zoho ManageEngine Applications Manager com.adventnet.appmanager.filter.UriCollector showresource.do sql injection$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2020-35765
20:098.08.0ZZZCMS zzzphp zzz_template.php sql injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-18717
20:078.08.0RockOA wordAction.php sql injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-18716
20:078.08.0RockOA wordModel.php getdata sql injection$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2020-18714
20:068.08.0RockOA customerAction.php sql injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-18713
17:538.07.2Epikur checkPasswort backdoor$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.05CVE-2020-10539
17:534.03.9Epikur hash without salt$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-10538
17:527.06.7Epikur Service Port 4848 improper authentication$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-10537
12:567.57.0Google Chrome V8 heap-based overflow$25k-$100k$5k-$25kFunctionalOfficial Fix0.09CVE-2021-21148
10:496.56.3Trend Micro Apex One out-of-bounds write$5k-$25k$0-$5kNot DefinedNot Defined0.08CVE-2021-25249
10:494.54.3Trend Micro Apex One/OfficeScan/Worry-Free Business Security Named Pipe out-of-bounds read$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2021-25248
10:484.84.6Trend Micro Apex One information disclosure$5k-$25k$0-$5kNot DefinedNot Defined0.05CVE-2021-25246
10:474.84.6Trend Micro Worry-Free Business Security access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25245
10:464.84.6Trend Micro Worry-Free Business Security access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-25244
10:464.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.07CVE-2021-25243
10:454.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25242
10:444.84.6Trend Micro Apex One/Worry-Free Business Security server-side request forgery$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25241
10:434.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25240
10:434.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25239
10:424.84.6Trend Micro OfficeScan XG/Worry-Free Business Security information disclosure$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25238
10:424.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25237
10:414.84.6Trend Micro OfficeScan XG/Worry-Free Business Security server-side request forgery$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25236
10:414.84.6Trend Micro Apex One/OfficeScan XG Configuration File access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25235
10:404.84.6Trend Micro Apex One Configuration File access control$5k-$25k$0-$5kNot DefinedNot Defined0.05CVE-2021-25234
10:404.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.06CVE-2021-25233
10:394.84.6Trend Micro Apex One/OfficeScan XG access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25232
10:394.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.06CVE-2021-25231
10:384.84.6Trend Micro Apex One/OfficeScan XG access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25230
10:384.84.6Trend Micro Apex One/OfficeScan XG access control$5k-$25k$0-$5kNot DefinedNot Defined0.06CVE-2021-25229
10:374.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25228
10:364.34.2Trend Micro Antivirus Scanning Engine memory allocation$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-25227
10:356.96.6Cisco IOS XR/NX-OS IPv6 Access Control List access control$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-1389
10:347.87.5Cisco IOS XR Command Line os command injection$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-1370
10:343.53.4Cisco Unified Computing System Registration API certificate validation$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2021-1354
10:337.26.9Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow$5k-$25k$5k-$25kNot DefinedOfficial Fix0.06CVE-2021-1348
10:337.26.9Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow$5k-$25k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-1347

Do you want to use VulDB in your project?

Use the official API to access entries easily!