Skip to main content
CVE-2021-27963 HIGH POC This Week

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonlogger
NVD GitHub
CVSS 3.1
8.2
EPSS
2.4%
CVE-2021-28026 HIGH POC This Week

jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption Jpeg Xl
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-28040 HIGH POC This Week

An issue was discovered in OSSEC 3.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ossec
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-27256 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Netgear RCE Command Injection Br200 Firmware Br500 Firmware +41
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-27255 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Netgear RCE Authentication Bypass Br200 Firmware Br500 Firmware +41
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-27254 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Netgear RCE Authentication Bypass Br200 Firmware Br500 Firmware +41
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-26961 HIGH This Week

A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aruba Airwave
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-26960 HIGH This Week

A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aruba Airwave
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-27098 HIGH PATCH This Week

In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spire
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-28042 HIGH This Week

Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Mailoptimizer
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2021-28036 HIGH PATCH This Week

An issue was discovered in the quinn crate before 0.7.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Quinn
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-28030 HIGH PATCH This Week

An issue was discovered in the truetype crate before 0.30.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Truetype
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28029 HIGH PATCH This Week

An issue was discovered in the toodee crate before 0.3.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Toodee
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-26963 HIGH This Week

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Airwave
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-26962 HIGH This Week

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Airwave
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-28041 HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh Fedora Cloud Backup +6
NVD GitHub
CVSS 3.1
7.1
EPSS
3.4%
CVE-2021-26964 HIGH This Week

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Airwave
NVD
CVSS 3.1
7.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy