Skip to main content
CVE-2021-27329 CRITICAL POC Act Now

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Frendica
NVD GitHub
CVSS 3.1
10.0
EPSS
1.5%
CVE-2021-26747 CRITICAL POC THREAT Act Now

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wf2780 Firmware Wf2411 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
53.6%
CVE-2021-27335 CRITICAL POC Act Now

KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Java Kollect
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-27377 CRITICAL POC PATCH Act Now

An issue was discovered in the yottadb crate before 1.2.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Yottadb
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-27376 CRITICAL POC PATCH Act Now

An issue was discovered in the nb-connect crate before 1.0.3 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nb Connect
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-23341 HIGH POC PATCH This Week

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Prism
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-23340 HIGH POC PATCH This Week

This affects the package pimcore/pimcore before 6.8.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Pimcore
NVD GitHub
CVSS 3.1
7.1
EPSS
1.3%
CVE-2021-27124 MEDIUM POC This Month

SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doctor Appointment System
NVD
CVSS 3.1
6.5
EPSS
5.7%
CVE-2021-27378 CRITICAL PATCH Act Now

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rand Core
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-3271 MEDIUM POC PATCH This Month

PressBooks 5.17.3 contains a cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pressbooks
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-20443 HIGH PATCH This Week

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo For Civil Infrastructure
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-27379 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26712 HIGH PATCH This Week

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Asterisk Certified Asterisk
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-26717 HIGH PATCH This Week

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-20354 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-20445 MEDIUM PATCH This Month

IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Maximo For Civil Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20444 MEDIUM PATCH This Month

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo For Civil Infrastructure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-26906 MEDIUM PATCH This Month

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 3.1
5.9
EPSS
2.5%
CVE-2021-21318 MEDIUM PATCH This Month

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20446 MEDIUM PATCH This Month

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo For Civil Infrastructure
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27375 MEDIUM PATCH This Month

Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Traefik
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy