Skip to main content
CVE-2021-25912 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Denial Of Service Dotty
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-25310 HIGH POC This Week

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection Linksys Wrt160Nl Firmware
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2021-21291 MEDIUM POC PATCH This Month

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-20199 MEDIUM POC PATCH This Month

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Podman
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2021-21289 HIGH PATCH This Week

Mechanize is an open-source ruby library that makes automated web interaction easy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mechanize Fedora Debian Linux
NVD GitHub
CVSS 3.1
8.3
EPSS
3.5%
CVE-2021-23271 HIGH This Week

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ebx
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2021-21294 HIGH PATCH This Week

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Http4S
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-21293 HIGH PATCH This Week

blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Blaze
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-21284 MEDIUM PATCH This Month

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Docker Privilege Escalation Path Traversal Debian Linux E Series Santricity Os Controller
NVD GitHub
CVSS 3.1
6.8
EPSS
1.1%
CVE-2021-21285 MEDIUM PATCH This Month

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Docker Denial Of Service Debian Linux E Series Santricity Os Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
3.3%
CVE-2021-21292 MEDIUM PATCH This Month

Traccar is an open source GPS tracking system. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Java Traccar
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2021-21043 MEDIUM PATCH This Month

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Consulting Services Commons
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-3395 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pryaniki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-3281 MEDIUM PATCH This Month

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django Fedora Snapcenter
NVD
CVSS 3.1
5.3
EPSS
7.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy