Skip to main content
CVE-2021-32615 CRITICAL POC PATCH Act Now

Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Piwigo
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-23910 CRITICAL POC Act Now

An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Hermes
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-23909 CRITICAL POC Act Now

An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Hermes
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-23908 CRITICAL POC Act Now

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-23907 CRITICAL POC Act Now

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-28799 CRITICAL POC KEV THREAT Act Now

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Hybrid Backup Sync
NVD
CVSS 3.1
9.8
EPSS
78.4%
CVE-2021-23906 MEDIUM POC This Month

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mercedes Benz User Experience
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-32925 MEDIUM POC PATCH This Month

admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XXE Chamilo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-33026 CRITICAL PATCH Act Now

The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python RCE Redis Privilege Escalation +1
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2021-20999 CRITICAL Act Now

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uc20 Wl2000 Ac Firmware Uc20 Wl2000 Iot Firmware Iot Gw30 Firmware Iot Gw30 4G Eu Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-20998 CRITICAL Act Now

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-3528 HIGH PATCH This Week

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Noobaa Operator
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-31215 HIGH This Week

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-22155 HIGH This Week

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Workspaces Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-27413 HIGH This Week

Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Cx One Cx Server
NVD
CVSS 3.1
7.8
EPSS
10.0%
CVE-2021-20025 HIGH This Week

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sonicwall Authentication Bypass Email Security Virtual Appliance
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25694 HIGH This Week

Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pcoip Graphics Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29510 HIGH PATCH This Week

Pydantic is a data validation and settings management using Python type hinting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Pydantic Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22140 HIGH This Week

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XXE Elastic App Search
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-32920 HIGH This Week

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-32919 HIGH This Week

An issue was discovered in Prosody before 0.11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-32918 HIGH This Week

An issue was discovered in Prosody before 0.11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-20181 HIGH PATCH This Week

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. Rated high severity (CVSS 7.5).

Privilege Escalation Qemu Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-25693 HIGH This Week

An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Pcoip Agent
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20997 HIGH This Week

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20995 HIGH This Week

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20988 HIGH This Week

In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Rcx Rtos Ice1 16Di G60L V1D Firmware Ice1 16Dio G60L C1 V1D Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22153 HIGH This Week

A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Unified Endpoint Management
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2021-26311 HIGH This Week

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Command Injection RCE Epyc 7232P Epyc 7251 +63
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-31876 MEDIUM This Month

Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Bitcoin
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-29506 MEDIUM PATCH This Month

GraphHopper is an open-source Java routing engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Graphhopper
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22139 MEDIUM This Month

Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20994 MEDIUM This Month

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20221 MEDIUM PATCH This Month

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-32921 MEDIUM This Month

An issue was discovered in Prosody before 0.11.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Prosody Fedora Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2021-22152 MEDIUM This Month

A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Unified Endpoint Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20535 MEDIUM This Month

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22137 MEDIUM PATCH This Month

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-22135 MEDIUM PATCH This Month

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-32917 MEDIUM This Month

An issue was discovered in Prosody before 0.11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Prosody Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-21424 MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Symfony Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-20996 MEDIUM This Month

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20993 MEDIUM This Month

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-22154 MEDIUM This Month

An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unified Endpoint Management
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20331 MEDIUM PATCH This Month

Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure C Driver
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-20250 MEDIUM PATCH This Month

A flaw was found in wildfly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jboss Ejb Client Jboss Enterprise Application Platform Expansion Pack
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-22138 LOW Monitor

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.1
3.7
EPSS
0.5%
CVE-2021-22136 LOW Monitor

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2021-29623 LOW PATCH Monitor

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy