Skip to main content
CVE-2021-25646 HIGH POC PATCH THREAT Act Now

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Druid
NVD
CVSS 3.1
8.8
EPSS
99.3%
CVE-2021-26305 CRITICAL POC PATCH Act Now

An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cdr
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-3347 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel through 5.10.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-26308 HIGH POC PATCH This Week

An issue was discovered in the marc crate before 2.0.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marc
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-26303 MEDIUM POC This Month

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Daily Expense Tracker System
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3346 CRITICAL Act Now

Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foris
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-23328 MEDIUM POC This Month

This affects all versions of package iniparserjs. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Iniparserjs
NVD
CVSS 3.1
5.6
EPSS
1.0%
CVE-2021-26307 MEDIUM POC PATCH This Month

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Raw Cpuid
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3298 MEDIUM POC This Month

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Collabtive
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.1%
CVE-2021-26304 MEDIUM POC This Month

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Daily Expense Tracker System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-3336 HIGH PATCH This Week

DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-3176 HIGH This Week

The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code,. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Businesscti Enterprise
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2021-25138 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25137 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25136 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25135 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25134 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25133 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25132 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25131 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25130 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25129 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25128 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25127 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25126 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25125 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25124 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware Cloudline Cl5800 Gen10 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-3345 HIGH PATCH This Week

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libgcrypt Communications Billing And Revenue Management
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-25123 HIGH This Week

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cloudline Cl5800 Gen10 Server Firmware Cloudline Cl3100 Gen10 Server Firmware Cloudline Cl4100 Gen10 Server Firmware Cloudline Cl5200 Gen9 Server Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-20586 HIGH This Week

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rv2Fr Firmware Rv2Frl Firmware Rv4Fr Firmware Rv4Frl Firmware +29
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-25909 HIGH This Week

ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 4Cct Ea6 334126Bf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-26306 HIGH PATCH This Week

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Raw Cpuid
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3341 HIGH This Week

A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Dxenterprise Dxodyssey
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-21254 MEDIUM PATCH This Month

CKEditor 5 is an open source rich text editor framework with a modular architecture. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ckeditor5
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-25910 MEDIUM This Month

Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 4Cct Ea6 334126Bf Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy