Skip to main content
CVE-2021-3311 CRITICAL POC PATCH Act Now

An issue was discovered in October through build 471. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure October
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-3229 HIGH POC This Week

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rt Ax3000 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-26722 MEDIUM POC PATCH This Month

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oncall
NVD GitHub
CVSS 3.1
6.1
EPSS
3.2%
CVE-2021-26710 MEDIUM POC This Month

A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Report2Web
NVD
CVSS 3.1
6.1
EPSS
7.5%
CVE-2021-20623 CRITICAL Act Now

Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Video Insight Vms
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-3258 MEDIUM POC PATCH This Month

Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Q2A Ultimate Seo
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-26711 MEDIUM POC This Month

A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Report2Web
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-20652 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Name Directory
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-3382 HIGH PATCH This Week

Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Gitea
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-1072 HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Geforce Experience
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-26708 HIGH PATCH This Week

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Rated high severity (CVSS 7.0).

Linux Privilege Escalation Linux Kernel Aff Baseboard Management Controller Cloud Backup +6
NVD
CVSS 3.1
7.0
EPSS
1.6%
CVE-2021-21303 MEDIUM PATCH This Month

Helm is open-source software which is essentially "The Kubernetes Package Manager". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2021-3333 MEDIUM PATCH This Month

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Open Audit
NVD
CVSS 3.1
6.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy