Skip to main content
CVE-2021-3378 CRITICAL POC THREAT Emergency

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fortilogger
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.5%
CVE-2021-23330 CRITICAL POC Act Now

All versions of package launchpad are vulnerable to Command Injection via stop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Launchpad
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-21276 CRITICAL POC PATCH Act Now

Polr is an open source URL shortener. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Authentication Bypass Polr
NVD GitHub Exploit-DB
CVSS 3.1
9.3
EPSS
7.2%
CVE-2021-21287 HIGH POC PATCH THREAT This Week

MinIO is a High Performance Object Storage released under Apache License v2.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache Path Traversal SSRF Minio
NVD GitHub
CVSS 3.1
7.7
EPSS
24.8%
CVE-2021-21286 HIGH This Week

AVideo Platform is an open-source Audio and Video platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21277 HIGH PATCH This Week

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Angular Expressions
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-3283 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Java Nomad
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3282 HIGH PATCH This Week

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3349 LOW POC Monitor

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-3348 HIGH PATCH This Week

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O. Rated high severity (CVSS 7.0).

Linux Information Disclosure Race Condition Linux Kernel Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-3340 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Wikindx
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3350 MEDIUM This Month

deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Delete Account
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3024 MEDIUM This Month

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-21266 MEDIUM PATCH This Month

openHAB is a vendor and technology agnostic open source automation software for your home. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Openhab
NVD GitHub
CVSS 3.1
5.0
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy