Skip to main content
CVE-2021-28940 CRITICAL POC Act Now

Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Magpierss
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-22203 CRITICAL POC Act Now

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-29012 CRITICAL POC Act Now

DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dma Radius Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-30000 CRITICAL POC Act Now

An issue was discovered in LATRIX 0.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure RCE Latrix
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-29660 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Opc Toolbox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-27973 HIGH POC THREAT This Week

SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Piwigo
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
11.0%
CVE-2021-28113 MEDIUM POC THREAT This Month

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Access Gateway
NVD
CVSS 3.1
6.7
EPSS
22.3%
CVE-2021-30074 MEDIUM POC PATCH This Month

docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docsify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29011 MEDIUM POC This Month

DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dma Radius Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-25894 MEDIUM POC PATCH This Month

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Magnolia Cms
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-30072 CRITICAL Act Now

An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 878 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-1871 CRITICAL KEV THREAT Act Now

A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2021-1870 CRITICAL KEV THREAT Act Now

A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-1818 CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipad Os Iphone Os Mac Os X +3
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-1796 CRITICAL Act Now

An out-of-bounds write was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipad Os +1
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-1795 CRITICAL Act Now

An out-of-bounds write was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipad Os +1
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-1794 CRITICAL Act Now

An out-of-bounds read was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipad Os +1
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-28123 CRITICAL Act Now

Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cohesity Dataplatform
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-29661 MEDIUM POC This Month

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opc Toolbox
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25893 MEDIUM POC This Month

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Magnolia Cms
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-28941 MEDIUM POC This Month

Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Magpierss
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-3374 MEDIUM POC THREAT This Month

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Shiny Server
NVD GitHub
CVSS 3.1
5.3
EPSS
14.3%
CVE-2021-1844 HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Safari +7
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-1792 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +5
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-1789 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Ipados Iphone Os +6
NVD
CVSS 3.1
8.8
EPSS
14.5%
CVE-2021-1788 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Use After Free Denial Of Service +9
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-1748 HIGH This Week

A validation issue was addressed with improved input sanitization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-30003 MEDIUM POC This Month

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nokia G 120W F Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1805 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Mac Os X +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-1802 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1793 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipad Os Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1790 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Mac Os X +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1753 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipad Os +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-1787 HIGH This Week

Multiple issues were addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1785 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1783 HIGH This Week

An access issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1779 HIGH This Week

A logic error in kext loading was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-1777 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1776 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-1775 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-1774 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1772 HIGH This Week

A stack overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +5
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-1768 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1767 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-1763 HIGH This Week

A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-1759 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-1758 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +5
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2021-1757 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1754 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1751 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy