Skip to main content
CVE-2021-27522 HIGH POC This Week

Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Learnsite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-30463 HIGH POC This Week

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control Panel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-3328 HIGH POC This Week

An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Abyss Web Server X1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-30462 HIGH POC This Week

VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vesta Control Panel
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-1362 HIGH This Week

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Code Injection Prime License Manager Unified Communications Manager +2
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-1309 HIGH This Week

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Rv132W Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-1474 HIGH This Week

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Umbrella
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2021-29154 HIGH PATCH This Week

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Linux RCE Command Injection Linux Kernel Fedora +11
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-3146 HIGH This Week

The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Audio X2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28685 HIGH This Week

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gputweak Ii
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1485 HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Code Injection Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1480 HIGH PATCH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-1386 HIGH This Week

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Advanced Malware Protection For Endpoints Clamav +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1137 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-1405 HIGH This Week

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clamav Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-1404 HIGH This Week

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-1252 HIGH This Week

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-1308 HIGH This Week

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Rv132W Firmware +10
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-1251 HIGH This Week

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Rv132W Firmware +10
NVD
CVSS 3.1
7.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy