Skip to main content
CVE-2021-1473 CRITICAL POC THREAT Emergency

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cisco Rv340 Firmware Rv340W Firmware Rv345 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
64.2%
CVE-2021-1472 CRITICAL POC THREAT Emergency

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cisco Rv160 Firmware Rv160W Firmware Rv260 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
72.5%
CVE-2021-28925 CRITICAL POC Act Now

SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Network Analyzer
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-27522 HIGH POC This Week

Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Learnsite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-30463 HIGH POC This Week

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control Panel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-3328 HIGH POC This Week

An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Abyss Web Server X1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-30462 HIGH POC This Week

VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vesta Control Panel
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-30114 MEDIUM POC This Month

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Enterprise Resource Planning
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-30112 MEDIUM POC This Month

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Enterprise Resource Planning
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-28924 MEDIUM POC This Month

Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Network Analyzer
NVD
CVSS 3.1
6.1
EPSS
9.2%
CVE-2021-30113 MEDIUM POC This Month

A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Resource Planning
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-22507 CRITICAL Act Now

Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Operations Bridge Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-1479 CRITICAL PATCH Act Now

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-1459 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv110W Firmware Rv130 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-30111 MEDIUM POC This Month

A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Resource Planning
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3012 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Arcgis Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-1362 HIGH This Week

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Code Injection Prime License Manager Unified Communications Manager +2
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-1309 HIGH This Week

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Rv132W Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-1474 HIGH This Week

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Umbrella
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2021-3448 MEDIUM POC PATCH This Month

A flaw was found in dnsmasq in versions before 2.85. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Dnsmasq Enterprise Linux Fedora Communications Cloud Native Core Network Function Cloud Native Environment
NVD
CVSS 3.1
4.0
EPSS
2.0%
CVE-2021-29154 HIGH PATCH This Week

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Linux RCE Command Injection Linux Kernel Fedora +11
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-3146 HIGH This Week

The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Audio X2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28685 HIGH This Week

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gputweak Ii
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1485 HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Code Injection Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1480 HIGH PATCH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-1386 HIGH This Week

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Advanced Malware Protection For Endpoints Clamav +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1137 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-1405 HIGH This Week

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clamav Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-1404 HIGH This Week

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-1252 HIGH This Week

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-1308 HIGH This Week

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Rv132W Firmware +10
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-1251 HIGH This Week

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Rv132W Firmware +10
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-3482 MEDIUM PATCH This Month

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Exiv2 Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-22513 MEDIUM PATCH This Month

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-22512 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-22511 MEDIUM PATCH This Month

Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22312 MEDIUM This Month

There is a memory leak vulnerability in some Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ips Module Firmware Ngfw Module Firmware Secospace Usg6300 Firmware +9
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22115 MEDIUM This Month

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-20480 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-28174 MEDIUM This Month

Mitake smart stock selection system contains a broken authentication vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Stock Selection
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-3413 MEDIUM This Month

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Red Hat Information Disclosure Foreman Azurerm Satellite
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2021-1415 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Deserialization RCE Rv340 Firmware Rv340W Firmware +2
NVD
CVSS 3.1
6.3
EPSS
1.6%
CVE-2021-1414 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Deserialization RCE Rv340 Firmware Rv340W Firmware +2
NVD
CVSS 3.1
6.3
EPSS
1.9%
CVE-2021-1413 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Deserialization RCE Rv340 Firmware Rv340W Firmware +2
NVD
CVSS 3.1
6.3
EPSS
1.6%
CVE-2021-22510 MEDIUM PATCH This Month

Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Application Automation Tools
NVD
CVSS 3.1
6.1
EPSS
5.0%
CVE-2021-27945 MEDIUM PATCH This Month

The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Squirro
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-1463 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1409 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi XSS Unified Communications Manager Unified Communications Manager Im Presence Service +1
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1408 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi XSS Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1407 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi XSS Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy