Skip to main content
CVE-2021-28834 CRITICAL POC PATCH Act Now

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kramdown Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-26275 CRITICAL POC Act Now

The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Eslint Fixer
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-27221 HIGH POC This Week

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
8.1
EPSS
4.5%
CVE-2021-21384 HIGH POC PATCH This Week

shescape is a simple shell escape package for JavaScript. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Code Injection Shescape
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-21267 HIGH POC PATCH This Week

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Schema Inspector E Series Performance Analyzer Oncommand Insight
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-27928 HIGH POC THREAT This Week

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Oracle Code Injection MariaDB Percona Server +2
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
38.2%
CVE-2021-27520 MEDIUM POC This Month

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.4%
CVE-2021-27519 MEDIUM POC This Month

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
7.6%
CVE-2021-25277 MEDIUM POC This Month

FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ftapi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-21390 MEDIUM POC PATCH This Month

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Minio
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-25289 CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Pillow
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-3327 MEDIUM POC This Month

Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynamic Content
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-26990 CRITICAL PATCH Act Now

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Cloud Manager
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-26992 HIGH PATCH This Week

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cloud Manager
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-26991 HIGH PATCH This Week

Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cloud Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-21387 HIGH This Week

Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wrongthink
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-28831 HIGH PATCH This Week

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Busybox Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-28089 HIGH This Week

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Fedora
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-28110 HIGH This Week

/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Tranzware E Commerce Payment Gateway
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-25293 HIGH PATCH This Week

An issue was discovered in Pillow before 8.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-25291 HIGH PATCH This Week

An issue was discovered in Pillow before 8.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-25290 HIGH PATCH This Week

An issue was discovered in Pillow before 8.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Pillow Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-20077 MEDIUM PATCH This Month

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Nessus Agent
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-25292 MEDIUM PATCH This Month

An issue was discovered in Pillow before 8.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-28653 MEDIUM This Month

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Armorlock
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-28126 MEDIUM This Month

index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tranzware E Commerce Payment Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-28109 MEDIUM This Month

TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Tranzware Fimi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-27906 MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Pdfbox Fedora Banking Corporate Lending Process Management +16
NVD
CVSS 3.1
5.5
EPSS
3.3%
CVE-2021-27807 MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an infinite loop while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Pdfbox Fedora Banking Trade Finance Process Management +12
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2021-27506 MEDIUM This Month

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netasq Stormshield Network Security Clamav
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-28090 MEDIUM This Month

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Fedora
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25278 MEDIUM This Month

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ftapi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy