Skip to main content
CVE-2021-26957 CRITICAL POC PATCH Act Now

An issue was discovered in the xcb crate through 2021-02-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xcb
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-26956 CRITICAL POC PATCH Act Now

An issue was discovered in the xcb crate through 2021-02-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xcb
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-26955 CRITICAL POC PATCH Act Now

An issue was discovered in the xcb crate through 2021-02-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xcb
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-26951 CRITICAL POC PATCH Act Now

An issue was discovered in the calamine crate before 0.17.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Calamine
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-26937 CRITICAL POC Act Now

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Screen Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2021-26918 CRITICAL POC Act Now

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bot
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-21479 CRITICAL POC PATCH Act Now

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Scimono
NVD GitHub
CVSS 3.1
9.1
EPSS
10.0%
CVE-2021-26958 HIGH POC PATCH This Week

An issue was discovered in the xcb crate through 2021-02-04 for Rust. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xcb
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-26551 HIGH POC This Week

An issue was discovered in SmartFoxServer 2.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Python Smartfoxserver
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-3394 HIGH POC This Week

Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Millewin
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.8%
CVE-2021-21128 HIGH POC This Week

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2021-21127 HIGH POC This Week

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2021-26953 HIGH POC PATCH This Week

An issue was discovered in the postscript crate before 0.14.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Postscript
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-26952 HIGH POC PATCH This Week

An issue was discovered in the ms3d crate before 0.1.3 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ms3D
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-21139 MEDIUM POC This Month

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2021-21137 MEDIUM POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
5.9%
CVE-2021-23327 MEDIUM POC PATCH This Month

The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apexcharts
NVD GitHub
CVSS 3.1
6.3
EPSS
1.4%
CVE-2020-15798 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Simatic Hmi Comfort Panels Firmware Simatic Hmi Ktp Mobile Panels Firmware Sinamics Gh150 Firmware Sinamics Gl150 Firmware +6
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-3294 MEDIUM POC This Month

CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Casap Automated Enrollment System
NVD Exploit-DB VulDB
CVSS 3.1
5.4
EPSS
3.0%
CVE-2021-21477 CRITICAL Act Now

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Commerce
NVD
CVSS 3.1
9.9
EPSS
29.8%
CVE-2021-21502 CRITICAL Act Now

Dell PowerScale OneFS versions 8.1.0 - 9.1.0 contain a "use of SSH key past account expiration" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-25140 CRITICAL Act Now

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft VMware Path Traversal Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
12.0%
CVE-2021-25139 CRITICAL Act Now

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Memory Corruption VMware +2
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-21146 CRITICAL Act Now

Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-21142 CRITICAL Act Now

Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-21132 CRITICAL Act Now

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Edge Chromium
NVD
CVSS 3.1
9.6
EPSS
23.4%
CVE-2021-21124 CRITICAL Act Now

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Information Disclosure Chrome +1
NVD
CVSS 3.1
9.6
EPSS
7.9%
CVE-2021-21121 CRITICAL Act Now

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
6.2%
CVE-2021-26550 MEDIUM POC This Month

An issue was discovered in SmartFoxServer 2.17.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smartfoxserver
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-26549 MEDIUM POC This Month

An XSS issue was discovered in SmartFoxServer 2.17.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartfoxserver
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-26954 MEDIUM POC PATCH This Month

An issue was discovered in the qwutils crate before 0.3.1 for Rust. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qwutils
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-21472 HIGH This Week

SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Authentication Bypass Software Provisioning Manager
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-3191 HIGH This Week

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Web Viewpoint
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2021-26675 HIGH PATCH This Week

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Connman Debian Linux Leap
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21148 HIGH KEV THREAT This Week

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
19.8%
CVE-2021-21145 HIGH This Week

Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-21144 HIGH This Week

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-21143 HIGH This Week

Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21122 HIGH This Week

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
7.0%
CVE-2021-21120 HIGH PATCH This Week

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
6.9%
CVE-2021-21119 HIGH This Week

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
6.8%
CVE-2021-21118 HIGH PATCH This Week

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Chrome Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
16.8%
CVE-2021-21138 HIGH This Week

Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2021-21125 HIGH This Week

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass Chrome Edge Chromium
NVD
CVSS 3.1
8.1
EPSS
8.1%
CVE-2021-22663 HIGH This Week

Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cscape
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-21117 HIGH This Week

Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21475 HIGH This Week

Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal SAP Netweaver Master Data Management Server
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-21140 MEDIUM PATCH This Month

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Chrome Edge
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-21474 MEDIUM This Month

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Hana Database
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-26676 MEDIUM PATCH This Month

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Connman Debian Linux Leap
NVD
CVSS 3.1
6.5
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy