Security Vulnerabilities - Known exploited
CVE-2021-36942
Known exploited
Windows LSA Spoofing Vulnerability
CVSS Score
7.5
EPSS Score
0.937
Published
2021-08-12
CVE-2021-36948
Known exploited
Windows Update Medic Service Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.011
Published
2021-08-12
CVE-2021-34484
Known exploited
Windows User Profile Service Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.028
Published
2021-08-12
CVE-2021-34486
Known exploited
Windows Event Tracing Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.365
Published
2021-08-12
CVE-2021-20028
Known exploited
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
CVSS Score
9.8
EPSS Score
0.792
Published
2021-08-04
CVE-2021-30563
Known exploited
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.031
Published
2021-08-03
CVE-2021-26085
Known exploited
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
CVSS Score
5.3
EPSS Score
0.94
Published
2021-08-03
CVE-2021-36741
Known exploited
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product's management console in order to exploit this vulnerability.
CVSS Score
8.8
EPSS Score
0.007
Published
2021-07-29
CVE-2021-36742
Known exploited
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Score
7.8
EPSS Score
0.014
Published
2021-07-29
CVE-2021-35464
Known exploited
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier.
CVSS Score
9.8
EPSS Score
0.944
Published
2021-07-22



Shodan ® - All rights reserved