Skip to main content
CVE-2021-30149 CRITICAL POC PATCH THREAT Act Now

Composr 10.0.36 allows upload and execution of PHP files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Composr
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.1%
CVE-2021-28142 HIGH POC This Week

CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Citsmart
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.8%
CVE-2021-29424 HIGH POC This Week

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-30046 MEDIUM POC This Month

VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vigra Computer Vision Library
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-30157 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-30154 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-30151 MEDIUM POC PATCH This Month

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sidekiq Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
4.2%
CVE-2021-30150 MEDIUM POC PATCH This Month

Composr 10.0.36 allows XSS in an XML script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Composr
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.8%
CVE-2021-26833 MEDIUM POC This Month

Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Apple Information Disclosure Timelybills
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-24026 CRITICAL Act Now

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption Google Whatsapp +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-27698 CRITICAL Act Now

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-27697 CRITICAL Act Now

RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-27357 CRITICAL Act Now

RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-28173 CRITICAL Act Now

The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Deltaflow
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-28171 CRITICAL Act Now

The Vangene deltaFlow E-platform does not take properly protective measures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Deltaflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-30164 CRITICAL Act Now

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Redmine Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-30140 MEDIUM POC This Month

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Liquidfiles
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-30158 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-30045 CRITICAL PATCH Act Now

SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Serenityos
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2021-30144 MEDIUM POC This Month

The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Dashboard
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-27900 HIGH This Week

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management
NVD
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-21423 HIGH PATCH This Week

`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Node.js Projen
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-20334 HIGH This Week

A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Compass
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28874 HIGH This Week

SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Serenityos
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-21404 HIGH PATCH This Week

Syncthing is a continuous file synchronization program. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Syncthing
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-24027 HIGH This Week

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-30130 HIGH PATCH This Week

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Phpseclib Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28075 HIGH This Week

iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ikuaios
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-27343 HIGH PATCH This Week

SerenityOS Unspecified is affected by: Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Serenityos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-28172 HIGH This Week

There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Deltaflow
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-30163 HIGH This Week

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-27899 HIGH This Week

The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Microsoft Information Disclosure Insider Threat Management
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2021-22158 HIGH This Week

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Insider Threat Management
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2021-28204 HIGH This Week

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-28203 HIGH This Week

The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-30162 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2021-28688 MEDIUM PATCH This Month

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-22157 MEDIUM This Month

Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Insider Threat Management
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-29136 MEDIUM PATCH This Month

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Umoci Singularity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-30161 MEDIUM This Month

An issue was discovered on LG mobile devices with Android OS 11 software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-30146 MEDIUM This Month

Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seafile
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-28658 MEDIUM PATCH This Month

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Django Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
3.9%
CVE-2021-28209 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28208 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28207 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28206 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28205 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28202 MEDIUM This Month

The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28201 MEDIUM This Month

The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28200 MEDIUM This Month

The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy