Skip to main content
CVE-2021-3177 CRITICAL POC PATCH THREAT Act Now

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python RCE Fedora Active Iq Unified Manager +7
NVD GitHub
CVSS 3.1
9.8
EPSS
23.3%
CVE-2020-28707 MEDIUM POC This Month

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Stockdio Historical Chart
NVD VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-22851 CRITICAL Act Now

HGiga EIP product contains SQL Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Oaklouds Openid
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-22850 CRITICAL Act Now

HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oaklouds Portal
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-25323 CRITICAL PATCH Act Now

The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-22852 HIGH This Week

HGiga EIP product contains SQL Injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Oaklouds Openid
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-20190 HIGH PATCH This Week

A flaw was found in jackson-databind before 2.9.10.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager Oncommand Api Services Oncommand Insight +4
NVD GitHub
CVSS 3.1
8.1
EPSS
7.5%
CVE-2021-22498 HIGH This Week

XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Application Lifecycle Management
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-3182 HIGH This Week

D-Link DCS-5220 devices have a buffer overflow. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow D-Link Memory Corruption Dcs 5220 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2021-3183 HIGH This Week

Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fat Client
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-3181 MEDIUM PATCH This Month

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Mutt Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2021-3178 MEDIUM PATCH This Month

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Linux Path Traversal Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2021-25324 MEDIUM PATCH This Month

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-25325 MEDIUM PATCH This Month

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3184 MEDIUM PATCH This Month

MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20619 MEDIUM This Month

Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-20950 MEDIUM This Month

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Public Key Cryptography Standards 1 Microchip Libraries For Applications
NVD VulDB
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-21263 MEDIUM PATCH This Month

Laravel is a web application framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Laravel
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy