Skip to main content
CVE-2021-28937 HIGH POC This Week

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireless N Wifi Repeater Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
5.3%
CVE-2021-28936 HIGH POC This Week

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wireless N Wifi Repeater Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-23358 HIGH POC PATCH This Week

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Underscore Debian Linux Tenable Sc +1
NVD GitHub
CVSS 3.1
7.2
EPSS
4.1%
CVE-2021-29416 MEDIUM POC This Month

An issue was discovered in PortSwigger Burp Suite before 2021.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Burp Suite
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29267 MEDIUM POC This Month

Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sherlockim
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-29274 MEDIUM POC This Month

Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-28672 CRITICAL Act Now

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Phaser 6510 Firmware Workcentre 6515 Firmware Versalink B400 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-28671 CRITICAL Act Now

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phaser 6510 Firmware Workcentre 6515 Firmware Versalink B400 Firmware Versalink B405 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-27274 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear RCE File Upload Prosafe Network Management System
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-28673 CRITICAL Act Now

Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phaser 6510 Firmware Workcentre 6515 Firmware Versalink B400 Firmware Versalink B405 Firmware +19
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-28668 CRITICAL PATCH Act Now

Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Altalink B8045 Firmware Altalink B8055 Firmware Altalink B8065 Firmware Altalink B8075 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-26714 CRITICAL Act Now

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Micontact Center Enterprise
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-29417 CRITICAL PATCH Act Now

gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Gitjacker
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-27352 MEDIUM POC This Month

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Ilch Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-28670 CRITICAL PATCH Act Now

Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Altalink B8045 Firmware Altalink B8055 Firmware Altalink B8065 Firmware Altalink B8075 Firmware +6
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-27273 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear RCE Command Injection Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
65.0%
CVE-2021-27243 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-27242 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-27239 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE D6220 Firmware +34
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-25144 HIGH PATCH This Week

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-27275 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Path Traversal Prosafe Network Management System
NVD
CVSS 3.1
8.3
EPSS
73.3%
CVE-2021-27245 HIGH This Week

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

TP-Link Authentication Bypass Archer A7 Firmware
NVD
CVSS 3.1
8.1
EPSS
3.2%
CVE-2021-27240 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Patch Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28669 HIGH PATCH This Week

Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Altalink B8045 Firmware Altalink B8055 Firmware Altalink B8065 Firmware Altalink B8075 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-25143 HIGH PATCH This Week

A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-21727 HIGH This Week

A ZTE product has a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxhn F623 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-27276 HIGH This Week

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Path Traversal Prosafe Network Management System
NVD
CVSS 3.1
7.1
EPSS
72.5%
CVE-2021-27272 HIGH This Week

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Path Traversal Prosafe Network Management System
NVD
CVSS 3.1
7.1
EPSS
73.8%
CVE-2021-27244 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-27241 MEDIUM This Month

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Premium Security
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-3391 MEDIUM This Month

MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mobile Work
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy