Skip to main content
CVE-2021-27224 HIGH POC THREAT This Week

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Wpg
NVD
CVSS 3.1
7.5
EPSS
38.0%
CVE-2021-22174 HIGH POC PATCH This Week

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-22173 HIGH POC PATCH This Week

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-26911 HIGH POC PATCH This Week

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Canary Mail Mailcore2
NVD GitHub
CVSS 3.1
7.4
EPSS
1.1%
CVE-2021-25780 HIGH POC This Week

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Baby Care System
NVD GitHub
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-20655 HIGH POC This Week

FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Filezen
NVD
CVSS 3.1
7.2
EPSS
4.0%
CVE-2021-3396 HIGH PATCH This Week

OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Horizon Meridian Newts
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-22858 HIGH This Week

Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Changjia Property Management System
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23885 HIGH This Week

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Web Gateway
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-27138 HIGH PATCH This Week

The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure U Boot
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-27097 HIGH PATCH This Week

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure U Boot
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-26720 HIGH This Week

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Debian Denial Of Service Avahi Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-1366 HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Microsoft Jwt Attack Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-0109 HIGH This Week

Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Compute Stick Stk1A32Sc Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-26934 HIGH PATCH This Week

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26930 HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27374 HIGH This Week

VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Weboffice
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-27367 HIGH PATCH This Week

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Bolt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-1378 HIGH This Week

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Staros
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-22854 HIGH This Week

The HR Portal of Soar Cloud System fails to filter specific parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Hr Portal
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-22553 HIGH This Week

Any git operation is passed through Jetty and a session is created. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gerrit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-22857 HIGH This Week

The CGE page with download function contains a Directory Traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Changjia Property Management System
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-22856 HIGH This Week

The CGE property management system contains SQL Injection vulnerabilities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Changjia Property Management System
NVD
CVSS 3.1
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy