Skip to main content
CVE-2021-26594 HIGH POC This Week

In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Directus
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-3410 HIGH POC This Week

A flaw was found in libcaca v0.99.beta19. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libcaca Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-26593 HIGH POC This Week

{id}. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-3252 HIGH POC This Week

KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Xp100U Firmware
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-20247 HIGH POC This Week

A flaw was found in mbsync before v1.3.5 and v1.4.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mbsync Extra Packages For Enterprise Linux Debian Linux Fedora
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2021-26926 HIGH POC PATCH This Week

A flaw was found in jasper before 2.0.25. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Jasper Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
1.2%
CVE-2021-20182 HIGH PATCH This Week

A privilege escalation flaw was found in openshift4/ose-docker-builder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation Path Traversal Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-22112 HIGH PATCH This Week

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Spring Security Communications Element Manager Communications Interactive Session Recorder +4
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2021-20198 HIGH PATCH This Week

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Openshift Installer
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2021-20194 HIGH PATCH This Week

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26677 HIGH This Week

A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27579 HIGH This Week

Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Snow Inventory Agent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-22651 HIGH PATCH This Week

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Keyshot Keyshot Network Rendering Keyshot Viewer Keyvr +2
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2021-20226 HIGH This Week

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Memory Corruption Denial Of Service Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25630 HIGH This Week

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Online
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22649 HIGH This Week

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Keyshot Keyshot Network Rendering Keyshot Viewer +3
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-22647 HIGH This Week

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Keyshot Keyshot Network Rendering +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-22645 HIGH This Week

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keyshot Keyshot Network Rendering Keyshot Viewer Keyvr +2
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-22643 HIGH This Week

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Keyshot Keyshot Network Rendering +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-22882 HIGH This Week

UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Denial Of Service Unifi Protect Controller
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20230 HIGH PATCH This Week

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Stunnel
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-26680 HIGH This Week

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26679 HIGH This Week

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26684 HIGH This Week

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26683 HIGH This Week

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-26681 HIGH This Week

A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy