Skip to main content
CVE-2021-23979 HIGH POC This Week

Mozilla developers reported memory safety bugs present in Firefox 85. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-23965 HIGH POC This Week

Mozilla developers reported memory safety bugs present in Firefox 84. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-26564 HIGH POC This Week

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Vs960Hd Firmware Skynas Firmware +1
NVD
CVSS 3.1
8.7
EPSS
0.6%
CVE-2021-26562 HIGH POC This Week

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Synology RCE Memory Corruption Diskstation Manager +3
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2021-26561 HIGH POC This Week

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Synology RCE Stack Overflow Diskstation Manager +3
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-27799 HIGH POC PATCH This Week

ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Barcode Generator
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-26560 HIGH POC This Week

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Vs960Hd Firmware Skynas Firmware +1
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2021-21309 HIGH PATCH This Week

Redis is an open-source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
4.7%
CVE-2021-23978 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-23964 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-23962 HIGH This Week

Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-23960 HIGH This Week

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23954 HIGH This Week

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-23972 HIGH This Week

One phishing tactic on the web is to provide a link with HTTP Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-23976 HIGH This Week

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-26567 HIGH PATCH This Week

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Stack Overflow Diskstation Manager Vs960Hd Firmware +3
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-27803 HIGH PATCH This Week

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

RCE Denial Of Service Wpa Supplicant Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-22661 HIGH This Week

Changing the password on the module webpage does not require the user to type in the current password first. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Icx35 Hwc A Firmware Icx35 Hwc E Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-23961 HIGH This Week

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Debian Linux
NVD
CVSS 3.1
7.4
EPSS
1.3%
CVE-2021-23957 HIGH This Week

Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2021-21302 HIGH PATCH This Week

PrestaShop is a fully scalable open source e-commerce solution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Prestashop
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy