Skip to main content
CVE-2021-26566 CRITICAL POC Act Now

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Vs960Hd Firmware Skynas Firmware +1
NVD
CVSS 3.1
9.0
EPSS
1.4%
CVE-2021-23979 HIGH POC This Week

Mozilla developers reported memory safety bugs present in Firefox 85. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-23965 HIGH POC This Week

Mozilla developers reported memory safety bugs present in Firefox 84. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-26564 HIGH POC This Week

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Vs960Hd Firmware Skynas Firmware +1
NVD
CVSS 3.1
8.7
EPSS
0.6%
CVE-2021-26562 HIGH POC This Week

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Synology RCE Memory Corruption Diskstation Manager +3
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2021-26561 HIGH POC This Week

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Synology RCE Stack Overflow Diskstation Manager +3
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-27799 HIGH POC PATCH This Week

ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Barcode Generator
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-26560 HIGH POC This Week

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Vs960Hd Firmware Skynas Firmware +1
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2021-26563 MEDIUM POC This Month

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Synology RCE Authentication Bypass Diskstation Manager Vs960Hd Firmware +2
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-23956 MEDIUM POC This Month

An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-26565 MEDIUM POC This Month

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Vs960Hd Firmware Skynas Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2021-27198 CRITICAL Act Now

An issue was discovered in Visualware MyConnection Server before v11.1a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft File Upload Java Myconnection Server
NVD
CVSS 3.1
9.8
EPSS
13.6%
CVE-2021-26904 CRITICAL Act Now

LMA ISIDA Retriever 5.2 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Retriever
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-3010 MEDIUM POC This Month

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Content Server
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-23345 MEDIUM POC This Month

All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gotenberg
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-21308 CRITICAL PATCH Act Now

PrestaShop is a fully scalable open source e-commerce solution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-21309 HIGH PATCH This Week

Redis is an open-source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
4.7%
CVE-2021-23978 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-23964 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-23962 HIGH This Week

Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-23960 HIGH This Week

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23954 HIGH This Week

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-23972 HIGH This Week

One phishing tactic on the web is to provide a link with HTTP Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-23976 HIGH This Week

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-26567 HIGH PATCH This Week

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Stack Overflow Diskstation Manager Vs960Hd Firmware +3
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-27803 HIGH PATCH This Week

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

RCE Denial Of Service Wpa Supplicant Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-22661 HIGH This Week

Changing the password on the module webpage does not require the user to type in the current password first. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Icx35 Hwc A Firmware Icx35 Hwc E Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-23961 HIGH This Week

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Debian Linux
NVD
CVSS 3.1
7.4
EPSS
1.3%
CVE-2021-23957 HIGH This Week

Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2021-21302 HIGH PATCH This Week

PrestaShop is a fully scalable open source e-commerce solution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Prestashop
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-0406 MEDIUM This Month

In cameraisp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0405 MEDIUM This Month

In performance driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0402 MEDIUM This Month

In jpeg, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-21274 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-21298 MEDIUM PATCH This Month

Node-Red is a low-code programming for event-driven applications built using nodejs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Node Red
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21297 MEDIUM PATCH This Month

Node-Red is a low-code programming for event-driven applications built using nodejs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Node Red
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-23958 MEDIUM This Month

The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-23975 MEDIUM This Month

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-23973 MEDIUM This Month

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-23971 MEDIUM This Month

When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-23970 MEDIUM This Month

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-0401 MEDIUM This Month

In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation Race Condition Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-0367 MEDIUM This Month

In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation Race Condition Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-0366 MEDIUM This Month

In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation Race Condition Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-21273 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-26903 MEDIUM This Month

LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Retriever
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-23959 MEDIUM This Month

An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23955 MEDIUM This Month

The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21330 MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Aiohttp Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-23974 MEDIUM This Month

The DOMParser API did not properly process '<noscript>' elements for escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
6.1
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy