Skip to main content
CVE-2021-20231 CRITICAL POC PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Gnutls +4
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-21368 HIGH POC PATCH This Week

msgpack5 is a msgpack v5 implementation for node.js and the browser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Node.js Msgpack5
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-27290 HIGH POC PATCH This Week

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Ssri Graalvm Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
7.5
EPSS
4.7%
CVE-2021-28302 HIGH POC This Week

A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pupnp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-23354 HIGH POC PATCH This Week

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Printf
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-28162 MEDIUM POC PATCH This Month

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Theia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-28161 MEDIUM POC PATCH This Month

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Theia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20232 CRITICAL PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Gnutls +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-28305 CRITICAL PATCH Act Now

An issue was discovered in the diesel crate before 1.4.6 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Diesel
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-27647 CRITICAL Act Now

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology RCE Information Disclosure Diskstation Manager
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-27646 CRITICAL Act Now

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology RCE Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-28308 CRITICAL PATCH Act Now

An issue was discovered in the fltk crate before 0.15.3 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fltk
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-21367 HIGH PATCH This Week

Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Switchboard Bluetooth Plug Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-26569 HIGH This Week

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Synology RCE Diskstation Manager
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2021-21518 HIGH This Week

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Code Injection Supportassist Client Promanage Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21085 HIGH This Week

Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Connect
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2021-21082 HIGH This Week

Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2021-21077 HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
7.5%
CVE-2021-21071 HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
4.2%
CVE-2021-21069 HIGH PATCH This Week

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Adobe Creative Cloud Desktop Application
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2021-21067 HIGH This Week

Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop 2020
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-21056 HIGH PATCH This Week

Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Information Disclosure Adobe Framemaker
NVD
CVSS 3.0
7.8
EPSS
21.2%
CVE-2021-20674 HIGH This Week

Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Magicconnect
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-28092 HIGH PATCH This Week

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service Is Svg
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-28307 HIGH PATCH This Week

An issue was discovered in the fltk crate before 0.15.3 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fltk
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28306 HIGH PATCH This Week

An issue was discovered in the fltk crate before 0.15.3 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fltk
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-21076 HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.0
7.1
EPSS
3.2%
CVE-2021-21075 HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.0
7.1
EPSS
3.0%
CVE-2021-21074 HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.0
7.1
EPSS
3.2%
CVE-2021-21073 HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.0
7.1
EPSS
3.0%
CVE-2021-21072 HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.1
7.1
EPSS
3.0%
CVE-2021-21078 MEDIUM This Month

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Adobe Creative Cloud Desktop Application
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21080 MEDIUM This Month

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-21079 MEDIUM This Month

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-21068 MEDIUM This Month

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Adobe Creative Cloud Desktop Application
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21379 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-21366 MEDIUM PATCH This Month

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmldom Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
CVE-2021-21726 LOW Monitor

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxone 9700 Firmware Zxone 8700 Firmware Zxone 19700 Firmware
NVD
CVSS 3.1
2.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy