Skip to main content
CVE-2021-27182 HIGH POC This Week

An issue was discovered in MDaemon before 20.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Mdaemon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-27181 HIGH POC This Week

An issue was discovered in MDaemon before 20.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mdaemon
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-31152 HIGH POC This Week

Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ac1200 Re018 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.8%
CVE-2021-22879 HIGH POC PATCH This Week

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Code Injection Desktop Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.7%
CVE-2021-28098 HIGH POC This Week

An issue was discovered in Forescout CounterACT before 8.1.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Counteract
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25314 HIGH POC This Week

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hawk2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-27990 HIGH POC This Week

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Appspace
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-36120 HIGH POC This Week

Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-3017 HIGH POC THREAT This Week

The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Win 300 Firmware Wrn 342 Firmware
NVD
CVSS 3.1
7.5
EPSS
63.0%
CVE-2021-26827 HIGH POC This Week

Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wr2041 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-27183 HIGH POC This Week

An issue was discovered in MDaemon before 20.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mdaemon
NVD GitHub
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-29654 HIGH POC This Week

AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Ajaxsearchpro
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-27253 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Netgear RCE Br200 Firmware +42
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-27252 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Netgear RCE Command Injection Br200 Firmware Br500 Firmware +41
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-27251 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Netgear RCE Br200 Firmware Br500 Firmware D7800 Firmware +40
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-27249 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

D-Link RCE Command Injection Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2021-27248 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-27246 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE TP-Link Stack Overflow Ac1750 Firmware
NVD
CVSS 3.1
8.0
EPSS
6.6%
CVE-2021-28826 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Messaging Eclipse Mosquitto Distribution Bridge
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28825 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core -. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Messaging Eclipse Mosquitto Distribution Core
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27259 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. Rated high severity (CVSS 7.8). No vendor patch available.

Integer Overflow RCE Parallels Desktop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28484 HIGH PATCH This Week

An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yubihsm Connector Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27608 HIGH This Week

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Setup
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-28157 HIGH This Week

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Devolutions Server
NVD
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy