Skip to main content
CVE-2021-21783 CRITICAL POC PATCH Act Now

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Gsoap Communications Diameter Signaling Router Communications Eagle Application Processor Communications Eagle Lnp Application Processor +2
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2021-26715 CRITICAL POC Act Now

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SSRF Information Disclosure Connect
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-3119 HIGH POC PATCH This Week

Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference SQLi Denial Of Service Sqlcipher
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-29156 HIGH POC THREAT This Week

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Openam
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
76.4%
CVE-2021-26597 MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload Netact
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22889 MEDIUM POC PATCH THREAT This Month

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Revive Adserver
NVD GitHub
CVSS 3.1
6.1
EPSS
36.3%
CVE-2021-22888 MEDIUM POC PATCH THREAT This Month

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Revive Adserver
NVD GitHub
CVSS 3.1
6.1
EPSS
19.8%
CVE-2021-27372 CRITICAL Act Now

Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xpon Rtl9601D Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-27440 CRITICAL Act Now

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Reason Dr60 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-3466 CRITICAL PATCH Act Now

A flaw was found in libmicrohttpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libmicrohttpd Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2021-27193 CRITICAL Act Now

Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vision Pro
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-3443 MEDIUM POC This Month

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jasper Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-26596 MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nokia Netact
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-29010 MEDIUM POC This Month

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29009 MEDIUM POC This Month

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29008 MEDIUM POC This Month

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27438 HIGH This Week

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Reason Dr60 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-27194 HIGH This Week

Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Vision Pro
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-22659 HIGH This Week

Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell Micrologix 1400 Firmware
NVD VulDB
CVSS 3.1
8.6
EPSS
0.7%
CVE-2021-29098 HIGH This Week

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Arcgis Engine Arcgis Pro Arcmap +1
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-29097 HIGH This Week

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Arcgis Engine Arcgis Pro +2
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-27454 HIGH This Week

The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Reason Dr60 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27452 HIGH This Week

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mu320E Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27450 HIGH This Week

SSH server configuration file does not implement some best practices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mu320E Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27448 HIGH This Week

A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mu320E Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29096 HIGH This Week

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Arcgis Engine Arcgis Pro +2
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-27192 HIGH This Week

Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Vision Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25355 HIGH This Week

Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Notes
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25352 HIGH This Week

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Bixby Voice
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25349 HIGH This Week

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Slow Motion Editor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-20217 HIGH This Week

A flaw was found in Privoxy in versions before 3.0.31. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20216 HIGH This Week

A flaw was found in Privoxy in versions before 3.0.31. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-20215 HIGH PATCH This Week

A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-20214 HIGH PATCH This Week

A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-20213 HIGH PATCH This Week

A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-20212 HIGH PATCH This Week

A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-20211 HIGH PATCH This Week

A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-20210 HIGH PATCH This Week

A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-25368 HIGH This Week

Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-22496 HIGH This Week

Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20679 HIGH This Week

Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Docucentre Vii C7773 Firmware Docucentre Vii C6673 Firmware Docucentre Vii C5573 Firmware Docucentre Vii C4473 Firmware +71
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3450 HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd Santricity Smi S Provider Firmware Storagegrid Firmware +29
NVD
CVSS 3.1
7.4
EPSS
18.3%
CVE-2021-25353 HIGH This Week

Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Themes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-1492 HIGH This Week

The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Proxy
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-29095 MEDIUM This Month

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Memory Corruption Arcgis Server
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-29094 MEDIUM This Month

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Arcgis Server
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2021-29093 MEDIUM This Month

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Arcgis Server
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-27195 MEDIUM This Month

Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Vision Pro
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-3449 MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-3467 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jasper Fedora
NVD
CVSS 3.1
5.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy