Skip to main content
CVE-2021-22502 CRITICAL POC KEV THREAT Emergency

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Operation Bridge Reporter
NVD
CVSS 3.1
9.8
EPSS
96.7%
CVE-2021-26914 HIGH POC THREAT Act Now

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
77.7%
CVE-2021-25913 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Denial Of Service Set Or Get
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-26541 CRITICAL POC PATCH Act Now

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Gitlog
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2021-26754 CRITICAL POC Act Now

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wpdatatables
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2021-26530 CRITICAL POC Act Now

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow OpenSSL Memory Corruption Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-26529 CRITICAL POC Act Now

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-26528 CRITICAL POC Act Now

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-21305 HIGH POC PATCH THREAT This Week

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Carrierwave
NVD GitHub
CVSS 3.1
8.8
EPSS
12.7%
CVE-2021-26915 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
41.8%
CVE-2021-26913 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
13.3%
CVE-2021-26912 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
41.0%
CVE-2021-26222 HIGH POC This Week

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ezxml
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-26221 HIGH POC This Week

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ezxml
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-26220 HIGH POC This Week

The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ezxml
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-21240 HIGH POC PATCH This Week

httplib2 is a comprehensive HTTP client library for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Httplib2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-25837 HIGH POC This Week

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ethermint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-25836 HIGH POC This Week

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ethermint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-26910 HIGH POC PATCH This Week

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. Rated high severity (CVSS 7.0). Public exploit code available.

Authentication Bypass Firejail Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-26916 MEDIUM POC This Month

In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-22122 MEDIUM POC THREAT This Month

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 3.1
6.1
EPSS
10.5%
CVE-2021-21304 CRITICAL PATCH Act Now

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dynamoose
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-26917 MEDIUM POC PATCH This Month

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Pybitmessage
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-21290 MEDIUM POC PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Apple Information Disclosure Netty Debian Linux Quarkus +10
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2021-26540 MEDIUM POC PATCH This Month

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Sanitize Html
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-26539 MEDIUM POC PATCH This Month

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Sanitize Html
NVD GitHub
CVSS 3.1
5.3
EPSS
2.0%
CVE-2021-3293 MEDIUM POC THREAT This Month

emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Emlog
NVD GitHub
CVSS 3.1
5.3
EPSS
17.4%
CVE-2021-26576 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Command Injection Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-26577 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26575 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26574 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26573 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25172 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Command Injection Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-26572 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26571 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26570 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-25171 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25170 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25169 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25168 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25142 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26826 HIGH PATCH This Week

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Godot Engine
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-26825 HIGH PATCH This Week

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Integer Overflow RCE Godot Engine
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-21306 HIGH PATCH This Week

Marked is an open-source markdown parser and compiler (npm package "marked"). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Marked
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-25835 HIGH PATCH This Week

Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ethermint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25834 HIGH PATCH This Week

Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ethermint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-26905 MEDIUM This Month

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Scim Bridge
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20359 MEDIUM This Month

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Automation
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-20358 MEDIUM This Month

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Automation
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21435 MEDIUM This Month

Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
6.5
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy