Skip to main content
CVE-2021-30229 HIGH POC This Week

The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection An Lianbao Wf 1 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-30224 HIGH POC PATCH This Week

Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rukovoditel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-20091 HIGH POC This Week

The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Wsr 2533Dhpl2 Bk Firmware Wsr 2533Dhp3 Bk Firmware
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2021-20294 HIGH POC This Week

A flaw was found in binutils readelf 2.35 program. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Binutils
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2021-20092 HIGH POC This Week

The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wsr 2533Dhpl2 Bk Firmware Wsr 2533Dhp3 Bk Firmware
NVD
CVSS 3.1
7.5
EPSS
8.2%
CVE-2021-29350 HIGH POC This Week

SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Shipment 100 Design Material Download System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-29468 HIGH PATCH This Week

Cygwin Git is a patch set for the git command line tool for the cygwin environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Git
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-31426 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-31425 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-31424 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-31420 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-29147 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2021-25167 HIGH This Week

A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Aruba Airwave
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-25166 HIGH This Week

A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Aruba Airwave
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-1402 HIGH This Week

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2021-31429 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-31428 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-29140 HIGH This Week

A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Aruba Clearpass
NVD
CVSS 3.1
8.2
EPSS
1.6%
CVE-2021-25163 HIGH This Week

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-1084 HIGH This Week

NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1083 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1082 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1081 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1080 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1448 HIGH This Week

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-31438 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-31437 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-31436 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-31435 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-31434 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-31433 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-21415 HIGH PATCH This Week

Prisma VS Code a VSCode extension for Prisma schema files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Language Tools
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-31776 HIGH This Week

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Vpn Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1504 HIGH This Week

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Memory Corruption Firepower Threat Defense +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-1501 HIGH This Week

A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-1445 HIGH This Week

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Memory Corruption Firepower Threat Defense +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-31422 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. Rated high severity (CVSS 7.5). No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-25811 HIGH This Week

MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mercury X18G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-20228 HIGH PATCH This Week

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Automation Platform Ansible Tower Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-28899 HIGH This Week

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streaming Media
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-25215 HIGH PATCH This Week

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Debian Linux Bind Fedora Active Iq Unified Manager +12
NVD
CVSS 3.1
7.5
EPSS
11.3%
CVE-2021-1085 HIGH This Week

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-21414 HIGH PATCH This Week

Prisma is an open source ORM for Node.js & TypeScript. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Node.js Command Injection Prisma
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-1086 HIGH This Week

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass Virtual Gpu Manager
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-1493 HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy