Skip to main content
CVE-2021-31795 HIGH POC This Week

The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption Pvrsrvkm Ko
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-31712 MEDIUM POC PATCH This Month

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS React Draft Wysiwyg
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-31598 HIGH PATCH This Week

An issue was discovered in libezxml.a in ezXML 0.8.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Ezxml Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-31794 MEDIUM This Month

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Directum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy