Skip to main content
CVE-2021-29441 CRITICAL POC PATCH THREAT Act Now

Nacos is a platform designed for dynamic service discovery and configuration and service management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nacos
NVD GitHub
CVSS 3.1
9.8
EPSS
74.2%
CVE-2021-30128 CRITICAL POC PATCH THREAT Act Now

Apache OFBiz has unsafe deserialization prior to 17.12.07 version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Ofbiz
NVD
CVSS 3.1
9.8
EPSS
81.1%
CVE-2021-29200 CRITICAL POC PATCH THREAT Act Now

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Ofbiz
NVD
CVSS 3.1
9.8
EPSS
55.4%
CVE-2021-29472 HIGH POC PATCH This Week

Composer is a dependency manager for PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Composer Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.8%
CVE-2021-28269 HIGH POC This Week

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 701Client
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-28271 HIGH POC This Week

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation 701Clientsql 701Server 701Serversql
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-29442 HIGH POC PATCH THREAT This Week

Nacos is a platform designed for dynamic service discovery and configuration and service management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nacos
NVD GitHub
CVSS 3.1
7.5
EPSS
64.7%
CVE-2021-31826 HIGH POC This Week

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Service Provider
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-31671 HIGH POC PATCH This Week

pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pgsync
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29476 CRITICAL PATCH Act Now

Requests is a HTTP library written in PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Requests
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-30642 CRITICAL Act Now

An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Security Analytics
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-27480 CRITICAL Act Now

Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Industrial Automation Commgr
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-29460 MEDIUM POC PATCH This Month

Kirby is an open source CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kirby
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2021-21365 MEDIUM POC PATCH This Month

Bootstrap Package is a theme for TYPO3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-30165 HIGH This Week

The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ic 3140W Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-29667 HIGH PATCH This Week

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Spectrum Scale
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-3464 HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22664 HIGH This Week

CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-22660 HIGH This Week

CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-30638 HIGH PATCH This Week

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Tapestry
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2021-20714 MEDIUM This Month

Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wp Fastest Cache
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-28125 MEDIUM PATCH This Month

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apache Superset
NVD
CVSS 3.1
6.1
EPSS
63.8%
CVE-2021-3451 MEDIUM This Month

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29666 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Spectrum Scale
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20550 MEDIUM This Month

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20549 MEDIUM This Month

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20448 MEDIUM PATCH This Month

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-30635 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-20715 MEDIUM This Month

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass Hot Pepper Gourmet
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21429 LOW PATCH Monitor

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Path Traversal Information Disclosure Openapi Generator
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy