Skip to main content
CVE-2020-21883 HIGH POC This Week

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Unibox U50 Firmware Unibox U500 Firmware Unibox U1000 Firmware Unibox U2500 Firmware +1
NVD VulDB
CVSS 3.1
8.8
EPSS
5.9%
CVE-2020-21884 HIGH POC This Week

Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Unibox U50 Firmware Unibox U500 Firmware Unibox U1000 Firmware Unibox U2500 Firmware +1
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30480 HIGH POC This Week

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft RCE Chat
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2021-25356 HIGH POC This Week

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-21433 HIGH POC PATCH This Week

Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Discord Recon
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2021-25328 HIGH POC This Week

Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Rn510 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2021-29221 HIGH POC This Week

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation RCE Erlang Otp
NVD GitHub
CVSS 3.1
7.0
EPSS
0.6%
CVE-2021-21199 HIGH This Week

Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21197 HIGH This Week

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21196 HIGH This Week

Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21195 HIGH This Week

Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21194 HIGH This Week

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-25361 HIGH This Week

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-21431 HIGH PATCH This Week

sopel-channelmgnt is a channelmgnt plugin for sopel. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Channelmgnt
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-25381 HIGH This Week

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass Account
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25377 HIGH This Week

Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass Experience Service
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25373 HIGH This Week

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Customization Service
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25365 HIGH This Week

An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-25374 HIGH This Week

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass Members
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-21198 HIGH This Week

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
7.4
EPSS
1.8%
CVE-2021-25380 HIGH This Week

Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bixby
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2021-20022 HIGH KEV THREAT This Week

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall File Upload Email Security Email Security Appliance 9000 Firmware Email Security Appliance 3300 Firmware +8
NVD
CVSS 3.1
7.2
EPSS
16.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy