Skip to main content
CVE-2020-24841 CRITICAL POC Act Now

PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pnpscada
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-27232 HIGH POC This Week

The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Digital Sentry Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21315 HIGH POC KEV PATCH THREAT This Week

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Node.js Command Injection Systeminformation Cordova
NVD GitHub
CVSS 3.1
7.8
EPSS
90.2%
CVE-2021-27104 CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
56.4%
CVE-2021-27103 CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
11.3%
CVE-2021-27101 CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-25648 CRITICAL Act Now

Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters "isAdmin" and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Testes De Codigo
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-27236 CRITICAL Act Now

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Voice
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-27234 CRITICAL Act Now

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Voice
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-20066 MEDIUM POC This Month

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Jsdom
NVD GitHub
CVSS 3.1
5.6
EPSS
1.4%
CVE-2021-27203 MEDIUM POC This Month

In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Private Disk
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-27231 MEDIUM POC This Month

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-20074 HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection M Dge Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-20073 HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF M Dge Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-27237 MEDIUM POC PATCH This Month

The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Blackcat Cms
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-27229 HIGH PATCH This Week

Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Mumble Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2021-20987 HIGH This Week

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ethernet Ip Adapter Firmware Wcs Firmware +6
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2021-27102 HIGH KEV THREAT This Week

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fta
NVD GitHub
CVSS 3.1
7.8
EPSS
3.6%
CVE-2021-20075 HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation M Dge Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21316 HIGH PATCH This Week

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Node.js Information Disclosure Less Openui5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-23840 HIGH PATCH This Week

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Denial Of Service Debian Linux Log Correlation Engine +18
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-20986 HIGH This Week

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Profinet Io Device Firmware Pgv100 F200A B17 V1D Firmware +22
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20072 HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal M Dge Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-23841 MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Nessus Network Monitor +20
NVD
CVSS 3.1
5.9
EPSS
7.5%
CVE-2021-20067 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M Dge Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-21317 MEDIUM PATCH This Month

uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Python Denial Of Service Uap Core
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2021-27235 MEDIUM This Month

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Voice
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-27233 MEDIUM This Month

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Voice
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-20071 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20070 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20069 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20068 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-23839 LOW PATCH Monitor

OpenSSL 1.0.2 supports SSLv2. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Business Intelligence Enterprise Manager For Storage Management Enterprise Manager Ops Center +4
NVD
CVSS 3.1
3.7
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy