Skip to main content
CVE-2021-29449 MEDIUM POC THREAT This Month

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Privilege Escalation Pi Hole
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
11.4%
CVE-2021-27130 CRITICAL POC Act Now

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Online Reviewer System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-27710 CRITICAL POC Act Now

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A720R Firmware
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-27708 CRITICAL POC Act Now

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A720R Firmware
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2021-27707 CRITICAL POC Act Now

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda G1 Firmware G3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-27706 CRITICAL POC Act Now

Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda G1 Firmware G3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-27705 CRITICAL POC Act Now

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda G1 Firmware G3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-28300 CRITICAL POC Act Now

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference RCE Denial Of Service Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-27114 CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
24.6%
CVE-2021-27113 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-31162 CRITICAL POC PATCH Act Now

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rust Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-27182 HIGH POC This Week

An issue was discovered in MDaemon before 20.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Mdaemon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-27181 HIGH POC This Week

An issue was discovered in MDaemon before 20.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mdaemon
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-31152 HIGH POC This Week

Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ac1200 Re018 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.8%
CVE-2021-22879 HIGH POC PATCH This Week

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Code Injection Desktop Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.7%
CVE-2021-28098 HIGH POC This Week

An issue was discovered in Forescout CounterACT before 8.1.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Counteract
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25314 HIGH POC This Week

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hawk2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-27990 HIGH POC This Week

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Appspace
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-36120 HIGH POC This Week

Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-3017 HIGH POC THREAT This Week

The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Win 300 Firmware Wrn 342 Firmware
NVD
CVSS 3.1
7.5
EPSS
63.0%
CVE-2021-26827 HIGH POC This Week

Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wr2041 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-27183 HIGH POC This Week

An issue was discovered in MDaemon before 20.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mdaemon
NVD GitHub
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-29654 HIGH POC This Week

AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Ajaxsearchpro
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-27180 MEDIUM POC PATCH This Month

An issue was discovered in MDaemon before 20.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mdaemon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-27288 MEDIUM POC This Month

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-26812 MEDIUM POC THREAT This Month

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Meet
NVD GitHub
CVSS 3.1
6.1
EPSS
97.5%
CVE-2021-30459 CRITICAL PATCH Act Now

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django Debug Toolbar
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-27258 CRITICAL Act Now

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-28797 CRITICAL Act Now

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qnap Stack Overflow Surveillance Station
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2021-24028 CRITICAL PATCH Act Now

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects.02.22.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Thrift
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-28856 MEDIUM POC PATCH This Month

In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Deark
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-28855 MEDIUM POC PATCH This Month

In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Deark
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30494 MEDIUM POC This Month

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synapse
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-30493 MEDIUM POC This Month

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synapse
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-29338 MEDIUM POC This Month

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Openjpeg Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.6%
CVE-2021-27815 MEDIUM POC PATCH This Month

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Exif Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-26805 MEDIUM POC This Month

Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-27989 MEDIUM POC This Month

Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appspace
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-28060 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SSRF Group Office
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-27253 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Netgear RCE Br200 Firmware +42
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-27252 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Netgear RCE Command Injection Br200 Firmware Br500 Firmware +41
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-27251 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Netgear RCE Br200 Firmware Br500 Firmware D7800 Firmware +40
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-27249 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

D-Link RCE Command Injection Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2021-27248 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-27246 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE TP-Link Stack Overflow Ac1750 Firmware
NVD
CVSS 3.1
8.0
EPSS
6.6%
CVE-2021-28826 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Messaging Eclipse Mosquitto Distribution Bridge
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28825 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core -. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Messaging Eclipse Mosquitto Distribution Core
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27259 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. Rated high severity (CVSS 7.8). No vendor patch available.

Integer Overflow RCE Parallels Desktop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28484 HIGH PATCH This Week

An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yubihsm Connector Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27608 HIGH This Week

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Setup
NVD
CVSS 3.1
7.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy