Skip to main content
CVE-2021-26957 CRITICAL POC PATCH Act Now

An issue was discovered in the xcb crate through 2021-02-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xcb
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-26956 CRITICAL POC PATCH Act Now

An issue was discovered in the xcb crate through 2021-02-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xcb
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-26955 CRITICAL POC PATCH Act Now

An issue was discovered in the xcb crate through 2021-02-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xcb
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-26951 CRITICAL POC PATCH Act Now

An issue was discovered in the calamine crate before 0.17.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Calamine
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-26937 CRITICAL POC Act Now

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Screen Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2021-26918 CRITICAL POC Act Now

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bot
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-21479 CRITICAL POC PATCH Act Now

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Scimono
NVD GitHub
CVSS 3.1
9.1
EPSS
10.0%
CVE-2020-15798 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Simatic Hmi Comfort Panels Firmware Simatic Hmi Ktp Mobile Panels Firmware Sinamics Gh150 Firmware Sinamics Gl150 Firmware +6
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-21477 CRITICAL Act Now

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Commerce
NVD
CVSS 3.1
9.9
EPSS
29.8%
CVE-2021-21502 CRITICAL Act Now

Dell PowerScale OneFS versions 8.1.0 - 9.1.0 contain a "use of SSH key past account expiration" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-25140 CRITICAL Act Now

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft VMware Path Traversal Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
12.0%
CVE-2021-25139 CRITICAL Act Now

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Memory Corruption VMware +2
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-21146 CRITICAL Act Now

Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-21142 CRITICAL Act Now

Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-21132 CRITICAL Act Now

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Edge Chromium
NVD
CVSS 3.1
9.6
EPSS
23.4%
CVE-2021-21124 CRITICAL Act Now

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Information Disclosure Chrome +1
NVD
CVSS 3.1
9.6
EPSS
7.9%
CVE-2021-21121 CRITICAL Act Now

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
6.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy