Skip to main content
CVE-2021-27362 CRITICAL POC Act Now

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Information Disclosure Wpg
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-26809 CRITICAL POC Act Now

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Rental Portal
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-25779 CRITICAL POC Act Now

Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-27224 HIGH POC THREAT This Week

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Wpg
NVD
CVSS 3.1
7.5
EPSS
38.0%
CVE-2021-22174 HIGH POC PATCH This Week

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-22173 HIGH POC PATCH This Week

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-26911 HIGH POC PATCH This Week

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Canary Mail Mailcore2
NVD GitHub
CVSS 3.1
7.4
EPSS
1.1%
CVE-2021-25780 HIGH POC This Week

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Baby Care System
NVD GitHub
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-20655 HIGH POC This Week

FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Filezen
NVD
CVSS 3.1
7.2
EPSS
4.0%
CVE-2021-22855 CRITICAL Act Now

The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hr Portal
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-3396 HIGH PATCH This Week

OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Horizon Meridian Newts
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-22858 HIGH This Week

Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Changjia Property Management System
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23885 HIGH This Week

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Web Gateway
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-27138 HIGH PATCH This Week

The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure U Boot
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-27097 HIGH PATCH This Week

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure U Boot
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-26720 HIGH This Week

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Debian Denial Of Service Avahi Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-1366 HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Microsoft Jwt Attack Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-0109 HIGH This Week

Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Compute Stick Stk1A32Sc Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-26934 HIGH PATCH This Week

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26930 HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27374 HIGH This Week

VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Weboffice
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-27367 HIGH PATCH This Week

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Bolt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-1378 HIGH This Week

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Staros
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-22854 HIGH This Week

The HR Portal of Soar Cloud System fails to filter specific parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Hr Portal
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-22553 HIGH This Week

Any git operation is passed through Jetty and a session is created. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gerrit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-22857 HIGH This Week

The CGE page with download function contains a Directory Traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Changjia Property Management System
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-22856 HIGH This Week

The CGE property management system contains SQL Injection vulnerabilities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Changjia Property Management System
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-1412 MEDIUM This Month

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-26559 MEDIUM PATCH This Month

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation Authentication Bypass Airflow
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2021-23339 MEDIUM PATCH This Month

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Akka Http
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-1351 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1372 MEDIUM This Month

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Webex Meetings Webex Meetings Server
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-26933 MEDIUM PATCH This Month

An issue was discovered in Xen 4.9 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-26932 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-26931 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-22853 MEDIUM This Month

The HR Portal of Soar Cloud System fails to manage access control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Hr Portal
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-26697 MEDIUM PATCH This Month

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Privilege Escalation Airflow
NVD
CVSS 3.1
5.3
EPSS
4.6%
CVE-2021-20653 MEDIUM This Month

Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Csdj B Firmware Csdj H Firmware Csdj D Firmware Csdj A Firmware
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-1416 MEDIUM This Month

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy