Skip to main content
CVE-2021-21551 HIGH POC KEV THREAT Act Now

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Information Disclosure Dbutil
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
58.1%
CVE-2021-23383 CRITICAL POC PATCH Act Now

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Handlebars E Series Performance Analyzer
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-27518 HIGH POC This Week

All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Windscribe
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-29240 HIGH POC This Week

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Development System
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-23343 HIGH POC PATCH This Week

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Path Parse
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-29478 HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2021-29477 HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-22547 HIGH PATCH This Week

In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Google Cloud Iot Device Sdk For Embedded C
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-3154 HIGH This Week

An issue was discovered in SolarWinds Serv-U before 15.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Serv U
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-31164 HIGH PATCH This Week

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Unomi
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-26804 MEDIUM This Month

Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD
CVSS 3.1
6.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy