Skip to main content
CVE-2021-26810 CRITICAL POC Act Now

D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2021-23363 HIGH POC PATCH This Week

This affects the package kill-by-port before 0.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Kill By Port
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-25162 HIGH POC PATCH THREAT This Week

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Command Injection Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
27.0%
CVE-2021-25159 MEDIUM POC PATCH THREAT This Month

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
13.5%
CVE-2021-25155 MEDIUM POC PATCH THREAT This Month

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
13.3%
CVE-2021-25161 MEDIUM POC PATCH THREAT This Month

A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
16.4%
CVE-2021-25158 MEDIUM POC PATCH THREAT This Month

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Race Condition Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
30.6%
CVE-2021-25149 CRITICAL PATCH Act Now

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-21413 CRITICAL PATCH Act Now

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity.

RCE File Upload Isolated Vm
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2021-29343 MEDIUM POC This Month

Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ovidentia
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-28935 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cms Made Simple
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-25160 MEDIUM POC PATCH This Month

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
4.9
EPSS
7.1%
CVE-2021-25157 MEDIUM POC PATCH THREAT This Month

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x:. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
4.9
EPSS
10.3%
CVE-2021-25156 MEDIUM POC PATCH THREAT This Month

A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x:. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
4.9
EPSS
40.5%
CVE-2021-21412 HIGH PATCH This Week

Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Node.js Command Injection Thi Ng Egf
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21638 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Team Foundation Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21633 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Owasp Dependency Track
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21629 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Build With Parameters
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-26919 HIGH PATCH This Week

Apache Druid allows users to read data from other database systems using JDBC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache RCE Druid
NVD
CVSS 3.1
8.8
EPSS
22.6%
CVE-2021-25150 HIGH PATCH This Week

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x:. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-25148 HIGH PATCH This Week

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x:. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-27271 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2021-27270 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-27269 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-27268 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-27267 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-27261 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-29376 HIGH This Week

ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ircii Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-25146 HIGH PATCH This Week

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x:. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-20502 HIGH PATCH This Week

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2021-20482 HIGH This Week

IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Cloud Pak For Automation
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2021-21637 MEDIUM This Month

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Team Foundation Server
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21634 MEDIUM PATCH This Month

Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jabber Xmpp Notifier And Control
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21632 MEDIUM PATCH This Month

A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Owasp Dependency Track
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-25145 MEDIUM PATCH This Month

A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-21409 MEDIUM PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty Debian Linux Oncommand Api Services +15
NVD GitHub
CVSS 3.1
5.9
EPSS
4.9%
CVE-2021-29650 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-29649 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-29648 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-29647 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-29646 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-26579 MEDIUM This Month

A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Unified Data Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20520 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20518 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20506 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20504 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20503 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20447 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20352 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-21398 MEDIUM PATCH This Month

PrestaShop is a fully scalable open source e-commerce solution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy