Security Vulnerabilities - CVEs Published In September 2021
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-09-23
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-09-23
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows an attacker to execute arbitrary code via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-09-23
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-09-23
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.
CVSS Score
4.0
EPSS Score
0.0
Published
2021-09-23
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.801
Published
2021-09-23
An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.
CVSS Score
10.0
EPSS Score
0.007
Published
2021-09-23
DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows an attacker to escalate privileges via a maliciously crafted DLL file.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-09-23
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].
CVSS Score
5.5
EPSS Score
0.002
Published
2021-09-23
OpenVPN Access Server 2.9.0 through 2.9.4 allows remote attackers to inject arbitrary web script or HTML via the web login page URL.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-09-23