Skip to main content
CVE-2021-26830 CRITICAL POC PATCH Act Now

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zenario
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
4.6%
CVE-2021-31348 MEDIUM POC This Month

An issue was discovered in libezxml.a in ezXML 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ezxml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-31347 MEDIUM POC This Month

An issue was discovered in libezxml.a in ezXML 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ezxml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31414 CRITICAL PATCH Act Now

The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Rpm Spec
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-27692 CRITICAL Act Now

Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Command Injection G1 Firmware G3 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-27691 CRITICAL Act Now

Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Command Injection G0 Firmware G1 Firmware G3 Firmware
NVD
CVSS 3.1
9.8
EPSS
25.2%
CVE-2021-29451 CRITICAL PATCH Act Now

Portofino is an open source web development framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Portofino
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2021-27394 HIGH This Week

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mendix
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-22539 HIGH This Week

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bazel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26073 HIGH PATCH This Week

Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Atlassian Authentication Bypass Connect Express
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2021-29452 MEDIUM PATCH This Month

a12n-server is an npm package which aims to provide a simple authentication system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Privilege Escalation A12N Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-26074 MEDIUM PATCH This Month

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Atlassian Authentication Bypass Connect Spring Boot
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-29443 MEDIUM PATCH This Month

jose is an npm library providing a number of cryptographic operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Node.js Oracle Microsoft Jose
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-29446 MEDIUM PATCH This Month

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Node.js Oracle Information Disclosure Jose Node Cjs Runtime
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-29445 MEDIUM PATCH This Month

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Node.js Oracle Information Disclosure Jose Node Cjs Runtime
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-29444 MEDIUM PATCH This Month

jose-browser-runtime is an npm package which provides a number of cryptographic functions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Node.js Oracle Information Disclosure Jose Node Cjs Runtime
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-20491 MEDIUM PATCH This Month

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption Spectrum Protect
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy