Skip to main content
CVE-2021-21372 HIGH POC PATCH This Week

Nimble is a package manager for the Nim programming language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Nim
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2021-21389 HIGH POC PATCH THREAT This Week

BuddyPress is an open source WordPress plugin to build a community site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Buddypress
NVD GitHub
CVSS 3.1
8.8
EPSS
13.9%
CVE-2021-28249 HIGH POC This Week

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ehealth Performance Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-21374 HIGH POC PATCH This Week

Nimble is a package manager for the Nim programming language. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Nim
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-28250 HIGH POC This Week

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ehealth Performance Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28246 HIGH POC This Week

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ehealth
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-29255 HIGH POC This Week

MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mym71080I B Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-28248 HIGH POC This Week

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ehealth
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-21332 HIGH PATCH This Week

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

CSRF Python XSS Synapse Fedora
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
CVE-2021-29266 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.11.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29249 HIGH This Week

BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-22506 HIGH KEV THREAT This Week

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.1
7.5
EPSS
25.7%
CVE-2021-20206 HIGH PATCH This Week

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Container Network Interface
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-20682 HIGH PATCH This Week

baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Basercms
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-20271 HIGH PATCH This Week

A flaw was found in RPM's signature check functionality when reading a package file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Rpm Enterprise Linux Fedora Starwind Virtual San
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy