Skip to main content
CVE-2021-21345 CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.9
EPSS
72.3%
CVE-2021-21350 CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
15.2%
CVE-2021-21347 CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
14.3%
CVE-2021-21346 CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.4%
CVE-2021-21344 CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.0%
CVE-2021-21351 CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.1
EPSS
82.1%
CVE-2021-21342 CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight Activemq Jmeter +12
NVD GitHub
CVSS 3.1
9.1
EPSS
50.0%
CVE-2021-21349 HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight Activemq Jmeter +14
NVD GitHub
CVSS 3.1
8.6
EPSS
46.8%
CVE-2021-21343 HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Java Oncommand Insight Activemq Jmeter +12
NVD GitHub
CVSS 3.1
7.5
EPSS
46.7%
CVE-2021-21341 HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oncommand Insight Activemq Jmeter +10
NVD GitHub
CVSS 3.1
7.5
EPSS
77.8%
CVE-2021-21401 HIGH POC PATCH This Week

Nanopb is a small code-size Protocol Buffers implementation in ansi C. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nanopb
NVD GitHub
CVSS 3.1
7.1
EPSS
1.8%
CVE-2021-21402 MEDIUM POC PATCH THREAT This Month

Jellyfin is a Free Software Media System. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Jellyfin
NVD GitHub
CVSS 3.1
6.5
EPSS
79.9%
CVE-2021-27310 MEDIUM POC This Month

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clansphere
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2021-27309 MEDIUM POC This Month

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clansphere
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-23274 CRITICAL Act Now

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Api Exchange Gateway Api Exchange Gateway Distribution
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-29079 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware Rbk853 Firmware Rbk854 Firmware +2
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2021-29078 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware Rbk853 Firmware Rbk854 Firmware +8
NVD
CVSS 3.1
9.6
EPSS
0.8%
CVE-2021-29077 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbw30 Firmware Rbs40V Firmware Rbk852 Firmware +10
NVD
CVSS 3.1
9.6
EPSS
0.8%
CVE-2021-29076 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware Rbk853 Firmware Rbk854 Firmware +2
NVD
CVSS 3.1
9.6
EPSS
0.8%
CVE-2021-29067 CRITICAL Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rbw30 Firmware Rbs40V Firmware Rbk852 Firmware +10
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2021-29066 CRITICAL Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rbk852 Firmware Rbk853 Firmware Rbk854 Firmware +2
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2021-29065 CRITICAL Act Now

NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rbr850 Firmware
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2021-23362 MEDIUM POC PATCH This Month

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Hosted Git Info Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
5.3
EPSS
3.6%
CVE-2021-29071 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware Rbk853 Firmware Rbk854 Firmware +8
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2021-21380 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-22864 HIGH This Week

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-28824 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Activespaces
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-27969 MEDIUM POC This Month

Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolphin
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-27531 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27530 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27529 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27528 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27527 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27526 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29082 HIGH This Week

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbw30 Firmware Rbs40V Firmware Rbk752 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-29068 HIGH This Week

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear R6700 Firmware R6400 Firmware R7000 Firmware +77
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21355 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Typo3
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2021-27908 MEDIUM POC PATCH This Month

In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mautic
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-29081 HIGH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption Rbw30 Firmware Rbk852 Firmware +10
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2021-29075 HIGH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption Rbw30 Firmware Rbk852 Firmware +10
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2021-29074 HIGH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption Rbw30 Firmware Rbk852 Firmware +10
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2021-29073 HIGH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption R8000P Firmware Mk62 Firmware +11
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2021-29072 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware Rbk853 Firmware Rbk854 Firmware +2
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2021-29070 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware Rbk853 Firmware Rbk854 Firmware +2
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2021-29069 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Xr450 Firmware Xr500 Firmware Wnr2000V5 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2021-21357 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Typo3
NVD GitHub
CVSS 3.1
8.3
EPSS
1.6%
CVE-2021-29080 HIGH This Week

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk852 Firmware Rbk853 Firmware Rbr854 Firmware +13
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-28823 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Eftl
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28822 HIGH This Week

The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Message Service
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28821 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Enterprise Message Service
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy