Skip to main content
CVE-2021-25631 HIGH POC This Week

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libreoffice
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-32020 CRITICAL PATCH Act Now

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freertos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-29369 CRITICAL PATCH Act Now

The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Node.js Command Injection Gnuplot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-28860 CRITICAL PATCH Act Now

In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Denial Of Service Node.js Mixme
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
2.0%
CVE-2021-29238 HIGH This Week

CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Automation Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-29239 HIGH This Week

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29241 HIGH This Week

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl +8
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-31996 HIGH This Week

An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Algorithmica
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29242 HIGH This Week

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Arm Sl +18
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2021-21264 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

PHP Authentication Bypass October
NVD GitHub
CVSS 3.1
5.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy