Skip to main content
CVE-2021-28032 CRITICAL POC PATCH Act Now

An issue was discovered in the nano_arena crate before 0.5.2 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nano Arena
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-27964 CRITICAL POC THREAT Act Now

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sonlogger
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
46.0%
CVE-2021-27314 CRITICAL POC THREAT Act Now

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doctor Appointment System
NVD
CVSS 3.1
9.8
EPSS
12.4%
CVE-2021-26705 CRITICAL POC Act Now

An issue was discovered in SquareBox CatDV Server through 9.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Catdv
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
2.1%
CVE-2021-27963 HIGH POC This Week

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonlogger
NVD GitHub
CVSS 3.1
8.2
EPSS
2.4%
CVE-2021-28026 HIGH POC This Week

jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption Jpeg Xl
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-28040 HIGH POC This Week

An issue was discovered in OSSEC 3.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ossec
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-3377 MEDIUM POC PATCH This Month

The npm package ansi_up converts ANSI escape codes into HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js XSS Ansi Up
NVD GitHub
CVSS 3.1
6.1
EPSS
8.0%
CVE-2021-27581 CRITICAL Act Now

The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kentico Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-3420 CRITICAL PATCH Act Now

A flaw was found in newlib in versions prior to 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Newlib Fedora
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-28037 CRITICAL PATCH Act Now

An issue was discovered in the internment crate before 0.4.2 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Internment
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-28035 CRITICAL PATCH Act Now

An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Stack Dst
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-28034 CRITICAL PATCH Act Now

An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Stack Dst
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-28033 CRITICAL PATCH Act Now

An issue was discovered in the byte_struct crate before 0.6.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Deserialization Byte Struct
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-28031 CRITICAL PATCH Act Now

An issue was discovered in the scratchpad crate before 1.3.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Scratchpad
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-28028 CRITICAL PATCH Act Now

An issue was discovered in the toodee crate before 0.3.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Toodee
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-28027 CRITICAL PATCH Act Now

An issue was discovered in the bam crate before 0.1.3 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Bam
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-27965 CRITICAL PATCH Act Now

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Privilege Escalation Dragon Center
NVD GitHub
CVSS 3.1
9.8
EPSS
11.8%
CVE-2021-27256 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Netgear RCE Command Injection Br200 Firmware Br500 Firmware +41
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-27255 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Netgear RCE Authentication Bypass Br200 Firmware Br500 Firmware +41
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-27254 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Netgear RCE Authentication Bypass Br200 Firmware Br500 Firmware +41
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-26961 HIGH This Week

A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aruba Airwave
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-26960 HIGH This Week

A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aruba Airwave
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-27098 HIGH PATCH This Week

In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spire
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-28042 HIGH This Week

Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Mailoptimizer
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2021-28036 HIGH PATCH This Week

An issue was discovered in the quinn crate before 0.7.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Quinn
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-28030 HIGH PATCH This Week

An issue was discovered in the truetype crate before 0.30.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Truetype
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28029 HIGH PATCH This Week

An issue was discovered in the toodee crate before 0.3.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Toodee
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-26963 HIGH This Week

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Airwave
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-26962 HIGH This Week

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Airwave
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-28041 HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh Fedora Cloud Backup +6
NVD GitHub
CVSS 3.1
7.1
EPSS
3.4%
CVE-2021-26964 HIGH This Week

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Airwave
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-27099 MEDIUM PATCH This Month

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Spire
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2021-27257 MEDIUM PATCH This Month

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Netgear RCE Br200 Firmware Br500 Firmware D7800 Firmware +40
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-28039 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Xen Cloud Backup +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-28038 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Debian Linux Cloud Backup +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-26969 MEDIUM This Month

A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Aruba Airwave
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-26966 MEDIUM This Month

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Airwave
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-26965 MEDIUM This Month

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Airwave
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-26971 MEDIUM This Month

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Airwave
NVD
CVSS 3.1
6.3
EPSS
1.3%
CVE-2021-26970 MEDIUM This Month

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Airwave
NVD
CVSS 3.1
6.3
EPSS
1.3%
CVE-2021-26967 MEDIUM This Month

A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aruba Airwave
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20665 MEDIUM This Month

Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type Movable Type Advanced Movable Type Premium Movable Type Premium Advanced
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20664 MEDIUM This Month

Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type Movable Type Advanced Movable Type Premium Movable Type Premium Advanced
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20663 MEDIUM This Month

Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type Movable Type Advanced Movable Type Premium Movable Type Premium Advanced
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-25313 MEDIUM PATCH This Month

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rancher
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-21725 MEDIUM This Month

A ZTE product has an information leak vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxhn H196Q Firmware
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-27907 MEDIUM PATCH This Month

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 3.1
5.4
EPSS
86.4%
CVE-2021-26968 MEDIUM This Month

A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aruba Airwave
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy