Skip to main content
CVE-2021-22204 HIGH POC KEV PATCH THREAT Act Now

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Exiftool Debian Linux Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
100.0%
CVE-2021-31584 HIGH POC This Week

Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Next Generation Communication Platform
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-20089 HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Purl
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-20086 HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Jquery Bbq
NVD GitHub
CVSS 3.1
8.8
EPSS
6.1%
CVE-2021-20085 HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Backbone Query Parameters
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-20083 HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Jquery Plugin Query Object
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-20088 HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Mootools More
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-20087 HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Jquery Deparam
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-20084 HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Jquery Sparkle
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-31607 HIGH POC PATCH This Week

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Command Injection Salt Fedora
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2021-25899 HIGH POC THREAT This Week

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Aurall Rec Monitor
NVD
CVSS 3.1
7.5
EPSS
12.2%
CVE-2021-25898 HIGH POC This Week

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Aural Rec Monitor
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31540 HIGH POC This Week

Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Streaming Engine
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-22682 HIGH This Week

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22678 HIGH This Week

Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-31780 HIGH PATCH This Week

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31791 HIGH This Week

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hardware Sentry Km For Bmc Patrol
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-29469 HIGH PATCH This Week

Node-redis is a Node.js Redis client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Redis Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-31410 HIGH This Week

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Designer
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-31407 HIGH PATCH This Week

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Flow Vaadin
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-31405 HIGH PATCH This Week

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Flow Vaadin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-31408 HIGH PATCH This Week

Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

CSRF Java Flow Vaadin
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy