Skip to main content
CVE-2021-3210 CRITICAL POC Act Now

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bloodhound
NVD GitHub
CVSS 3.1
9.6
EPSS
2.7%
CVE-2021-27328 MEDIUM POC This Month

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Neogate Tg400 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
9.0%
CVE-2020-19513 HIGH POC This Week

Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Aida64
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-26296 HIGH POC PATCH This Week

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Apache Myfaces Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-3204 MEDIUM POC This Month

SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Webdesktop
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-3189 MEDIUM POC This Month

The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Node.js Slashify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-27214 MEDIUM POC This Month

A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-23342 MEDIUM POC PATCH This Month

This affects the package docsify before 4.12.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Docsify
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-27404 MEDIUM POC This Month

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Askey Rtf8115Vw Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-27403 MEDIUM POC This Month

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Askey Rtf8115Vw Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-20588 CRITICAL Act Now

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Controller Module Setting And Monitoring Tool Cpu Module Logging Configuration Tool Cw Configurator Data Transfer +37
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2021-20587 CRITICAL Act Now

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow C Controller Module Setting And Monitoring Tool Cpu Module Logging Configuration Tool Cw Configurator +38
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-22703 HIGH This Week

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerlogic Ion7400 Firmware Powerlogic Ion7650 Firmware Powerlogic Ion8600 Firmware Powerlogic Ion8650 Firmware +6
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-22702 HIGH This Week

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerlogic Ion7400 Firmware Powerlogic Ion7650 Firmware Powerlogic Ion7700 Firmware Powerlogic Ion7300 Firmware +8
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-27509 HIGH This Week

In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Myconnection Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-27405 HIGH PATCH This Week

A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Scrapbox Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-26713 MEDIUM This Month

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Asterisk Certified Asterisk
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-26746 MEDIUM PATCH This Month

Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Chamilo
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-21512 MEDIUM This Month

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerprotect Cyber Recovery
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-27351 MEDIUM This Month

The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Telegram
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-22701 MEDIUM This Month

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Powerlogic Ion7400 Firmware Powerlogic Ion7650 Firmware Powerlogic Ion8600 Firmware Powerlogic Ion8650 Firmware +6
NVD VulDB
CVSS 3.1
4.5
EPSS
0.2%
CVE-2021-3339 MEDIUM This Month

ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Modernflow
NVD
CVSS 3.1
4.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy