Skip to main content
CVE-2021-29472 HIGH POC PATCH This Week

Composer is a dependency manager for PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Composer Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.8%
CVE-2021-28269 HIGH POC This Week

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 701Client
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-28271 HIGH POC This Week

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation 701Clientsql 701Server 701Serversql
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-29442 HIGH POC PATCH THREAT This Week

Nacos is a platform designed for dynamic service discovery and configuration and service management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nacos
NVD GitHub
CVSS 3.1
7.5
EPSS
64.7%
CVE-2021-31826 HIGH POC This Week

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Service Provider
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-31671 HIGH POC PATCH This Week

pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pgsync
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-30165 HIGH This Week

The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ic 3140W Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-29667 HIGH PATCH This Week

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Spectrum Scale
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-3464 HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22664 HIGH This Week

CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-22660 HIGH This Week

CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-30638 HIGH PATCH This Week

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Tapestry
NVD
CVSS 3.1
7.5
EPSS
6.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy