Skip to main content
CVE-2021-3156 HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo Fedora Debian Linux +21
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
99.3%
CVE-2021-3317 HIGH POC THREAT This Week

KLog Server through 2.4.1 allows authenticated command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Klog Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
41.4%
CVE-2021-3165 HIGH POC This Week

SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smartagent
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-3164 HIGH POC This Week

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Churchrota
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-25863 HIGH POC This Week

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open5gs
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-3309 HIGH POC PATCH This Week

packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Wekan
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-28874 HIGH POC PATCH This Week

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Projectsend
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-3297 HIGH POC THREAT This Week

On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Nbg2105 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
20.5%
CVE-2021-3223 HIGH POC PATCH THREAT This Week

Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Node Red Dashboard
NVD GitHub
CVSS 3.1
7.5
EPSS
18.5%
CVE-2021-3195 HIGH POC This Week

bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-25908 HIGH POC This Week

An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fil Ocl
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25906 HIGH POC PATCH This Week

An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Basic Dsp Matrix
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25904 HIGH POC PATCH This Week

An issue was discovered in the av-data crate before 0.3.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Av Data
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25903 HIGH POC This Week

An issue was discovered in the cache crate through 2021-01-01 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cache
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-25902 HIGH POC PATCH This Week

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glsl Layout
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-25864 HIGH POC This Week

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Huemagic
NVD GitHub
CVSS 3.1
7.5
EPSS
9.3%
CVE-2021-3291 HIGH POC PATCH THREAT This Week

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zen Cart
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
16.8%
CVE-2021-22159 HIGH This Week

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Microsoft Privilege Escalation Authentication Bypass Insider Threat Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26026 HIGH This Week

PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Photo Studio 2021
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-26025 HIGH This Week

PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Photo Studio 2021
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-22698 HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE File Upload Ecostruxure Power Build Rapsody
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2021-22697 HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ecostruxure Power Build Rapsody
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2021-3115 HIGH PATCH This Week

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Command Injection RCE Go Fedora +2
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2021-26267 HIGH This Week

cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-26266 HIGH This Week

cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-21723 HIGH This Week

Some ZTE products have a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxr10 9904 Firmware Zxr10 9908 Firmware Zxr10 9916 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1070 HIGH This Week

NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Linux For Tegra
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy