Skip to main content
CVE-2021-27221 HIGH POC This Week

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
8.1
EPSS
4.5%
CVE-2021-21384 HIGH POC PATCH This Week

shescape is a simple shell escape package for JavaScript. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Code Injection Shescape
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-21267 HIGH POC PATCH This Week

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Schema Inspector E Series Performance Analyzer Oncommand Insight
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-27928 HIGH POC THREAT This Week

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Oracle Code Injection MariaDB Percona Server +2
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
38.2%
CVE-2021-26992 HIGH PATCH This Week

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cloud Manager
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-26991 HIGH PATCH This Week

Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cloud Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-21387 HIGH This Week

Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wrongthink
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-28831 HIGH PATCH This Week

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Busybox Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-28089 HIGH This Week

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Fedora
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-28110 HIGH This Week

/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Tranzware E Commerce Payment Gateway
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-25293 HIGH PATCH This Week

An issue was discovered in Pillow before 8.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-25291 HIGH PATCH This Week

An issue was discovered in Pillow before 8.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-25290 HIGH PATCH This Week

An issue was discovered in Pillow before 8.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Pillow Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy