Skip to main content
CVE-2021-21822 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-28663 HIGH POC KEV THREAT This Week

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Memory Corruption Information Disclosure Bifrost Gpu Kernel Driver +2
NVD GitHub
CVSS 3.1
8.8
EPSS
12.1%
CVE-2021-26077 HIGH POC PATCH This Week

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Atlassian Authentication Bypass Connect Spring Boot
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-32471 HIGH POC This Week

Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Universal Turing Machine
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-32399 HIGH POC PATCH This Week

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. Rated high severity (CVSS 7.0). Public exploit code available.

Linux Information Disclosure Race Condition Linux Kernel Debian Linux +9
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2021-21428 HIGH POC PATCH This Week

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Java Openapi Generator
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-23008 CRITICAL Act Now

On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-26583 CRITICAL Act Now

A potential security vulnerability was identified in HPE iLO Amplifier Pack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ilo Amplifier Pack
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-21430 MEDIUM POC PATCH This Month

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Openapi Generator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-29022 MEDIUM POC This Month

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Invoiceplane
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-3003 MEDIUM POC This Month

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Desktop Telematico
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20538 CRITICAL Act Now

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Cloud Pak For Security
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-25848 CRITICAL Act Now

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vport 06Ec 2V26M Firmware Vport 06Ec 2V36M T Firmware Vport 06Ec 2V36M Ct Firmware +13
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-25847 CRITICAL Act Now

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vport 06Ec 2V26M Firmware Vport 06Ec 2V36M T Firmware Vport 06Ec 2V36M Ct Firmware +13
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-28664 HIGH KEV THREAT This Week

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Denial Of Service Bifrost Gpu Kernel Driver +2
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2021-23014 HIGH This Week

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-32489 MEDIUM POC This Month

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow OpenSSL Yubihsm Shell
NVD
CVSS 3.1
4.4
EPSS
0.9%
CVE-2021-23012 HIGH This Week

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2021-31520 HIGH PATCH This Week

A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Im Security
NVD
CVSS 3.1
8.1
EPSS
3.9%
CVE-2021-22672 HIGH This Week

Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
9.7%
CVE-2021-23010 HIGH This Week

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-23009 HIGH This Week

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-23013 HIGH This Week

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-23011 HIGH This Week

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-25849 HIGH This Week

An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Vport 06Ec 2V26M Firmware Vport 06Ec 2V36M T Firmware Vport 06Ec 2V36M Ct Firmware +13
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-25846 HIGH This Week

Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Vport 06Ec 2V26M Firmware Vport 06Ec 2V36M T Firmware Vport 06Ec 2V36M Ct Firmware +13
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-25845 HIGH This Week

Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vport 06Ec 2V26M Firmware Vport 06Ec 2V36M T Firmware Vport 06Ec 2V36M Ct Firmware +13
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-23015 HIGH This Week

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24011 HIGH This Week

A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinac
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2021-29502 MEDIUM PATCH This Month

WarnSystem is a cog (plugin) for the Red discord bot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Warnsystem
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-29501 MEDIUM PATCH This Month

Ticketer is a command based ticket system cog (plugin) for the red discord bot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dav Cogs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20577 MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cloud Pak For Security
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20717 MEDIUM PATCH This Month

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ec Cube
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-20559 MEDIUM PATCH This Month

IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Control Desk
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32053 MEDIUM PATCH This Month

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Hapi Fhir
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-23016 MEDIUM This Month

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25645 MEDIUM This Month

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-32056 MEDIUM PATCH This Month

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass Imap Fedora
NVD
CVSS 3.1
4.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy