Skip to main content
CVE-2021-29641 HIGH POC This Week

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE PHP Apache File Upload +1
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2021-26758 HIGH POC This Week

Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openlitespeed
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-30123 HIGH POC This Week

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ffmpeg
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2021-30147 HIGH POC This Week

DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Radius Manager
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.5%
CVE-2021-28927 HIGH POC PATCH This Week

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Microsoft Retroarch
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-30184 HIGH POC This Week

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Chess Fedora
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-20687 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Kagemai
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29627 HIGH This Week

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-1892 HIGH This Week

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Aqt1000 Firmware Pm8005 Firmware +52
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30185 HIGH PATCH This Week

CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Indico
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20692 HIGH This Week

Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Archive Collectively Operation Utility
NVD
CVSS 3.1
7.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy