Skip to main content
CVE-2021-31856 CRITICAL POC PATCH THREAT Act Now

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Meshery
NVD GitHub
CVSS 3.1
9.8
EPSS
75.4%
CVE-2021-27933 MEDIUM POC THREAT This Month

pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pfsense
NVD
CVSS 3.1
6.1
EPSS
26.6%
CVE-2021-22514 CRITICAL Act Now

An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Application Performance Management
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-30168 CRITICAL Act Now

The sensitive information of webcam device is not properly protected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P2R8852E2 Firmware P2R8852E4 Firmware P2R6852E2 Firmware P2R6852E4 Firmware +37
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-30167 CRITICAL Act Now

The manage users profile services of the network camera device allows an authenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation P2R8852E2 Firmware P2R8852E4 Firmware P2R6852E2 Firmware P2R6852E4 Firmware +37
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-20716 CRITICAL Act Now

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service HP Bhr 4Rv Firmware Fs G54 Firmware +33
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-3508 MEDIUM POC PATCH This Month

A flaw was found in PDFResurrect in version 0.22b. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Pdfresurrect
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-29388 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Budget Management System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29387 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Equipment Inventory System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-23364 MEDIUM POC PATCH This Month

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Browserslist
NVD GitHub
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-31777 MEDIUM POC PATCH This Month

The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Dynamic Content Elements
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-25151 HIGH This Week

A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Aruba Airwave
NVD
CVSS 3.1
8.8
EPSS
12.6%
CVE-2021-27648 HIGH This Week

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Information Disclosure Antivirus Essential
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-3512 HIGH This Week

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Bhr 4Grv Firmware Dwr Hp G300Nh Firmware Hw 450Hp Zwe Firmware +21
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-25165 HIGH This Week

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-25153 HIGH This Week

A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-25147 HIGH This Week

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Aruba Authentication Bypass Airwave
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-29483 HIGH PATCH This Week

ManageWiki is an extension to the MediaWiki project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Managewiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-29482 HIGH PATCH This Week

xz is a compression and decompression library focusing on the xz format completely written in Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Xz
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-25154 HIGH This Week

A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Aruba Airwave
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22332 HIGH This Week

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cloudengine 12800 Firmware Cloudengine 5800 Firmware Cloudengine 6800 Firmware Cloudengine 7800 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22331 HIGH This Week

There is a JavaScript injection vulnerability in certain Huawei smartphones. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Code Injection P30 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22393 HIGH This Week

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cloudengine 12800 Firmware Cloudengine 5800 Cloudengine 6800 Firmware Cloudengine 7800 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-30169 HIGH This Week

The sensitive information of webcam device is not properly protected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P2R8852E2 Firmware P2R8852E4 Firmware P2R6852E2 Firmware P2R6852E4 Firmware +37
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-31863 HIGH This Week

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-31815 LOW POC Monitor

GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Apple Information Disclosure Google Apple Exposure Notifications
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-25152 HIGH This Week

A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Aruba Airwave
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-30166 HIGH This Week

The NTP Server configuration function of the IP camera device is not verified with special parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection P2R8852E2 Firmware P2R8852E4 Firmware P2R6852E2 Firmware P2R6852E4 Firmware +37
NVD GitHub
CVSS 3.1
7.2
EPSS
3.8%
CVE-2021-25164 MEDIUM This Month

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Aruba Airwave
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-22330 MEDIUM This Month

There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption P30 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-22327 MEDIUM This Month

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption P30 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-31779 MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Yoast Seo
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2021-29159 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-2321 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Oracle Information Disclosure Authentication Bypass Vm Virtualbox
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2021-31778 MEDIUM PATCH This Month

The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Media2Click
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31866 MEDIUM This Month

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-31865 MEDIUM This Month

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-31864 MEDIUM This Month

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Redmine Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-3511 MEDIUM This Month

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Bhr 4Grv Firmware Dwr Hp G300Nh Firmware Hw 450Hp Zwe Firmware +21
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy