Skip to main content
CVE-2021-23360 HIGH POC PATCH This Week

This affects the package killport before 1.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Killport
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28957 MEDIUM POC PATCH This Month

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XSS Lxml Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
6.1
EPSS
4.0%
CVE-2021-28961 HIGH PATCH This Week

applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Openwrt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-28954 HIGH This Week

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Bit
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-28953 HIGH PATCH This Week

The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE C C Advanced Lint
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy