Skip to main content
CVE-2021-33477 HIGH POC PATCH This Week

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Eterm Mrxvt Rxvt Unicode Rxvt +2
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-32630 HIGH POC This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Admidio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-25931 HIGH POC PATCH This Week

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Horizon Meridian
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-28906 HIGH POC This Week

In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-28905 HIGH POC This Week

In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28904 HIGH POC This Week

In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28903 HIGH POC This Week

A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-28902 HIGH POC This Week

In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-28682 HIGH POC This Week

An issue was discovered in Envoy through 1.71.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-27956 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-27459 CRITICAL Act Now

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-20721 CRITICAL Act Now

KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload arbitrary files via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Konawiki
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-20720 CRITICAL Act Now

SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 allows remote attackers to execute arbitrary SQL commands and to obtain/alter the information stored in the database via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Konawiki
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-3313 MEDIUM POC PATCH This Month

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Plone
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-29686 HIGH This Week

IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Identity Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-25933 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-25929 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-28112 HIGH This Week

Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE X Dock Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-28111 HIGH This Week

Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass X Dock Firmware
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-32632 MEDIUM POC PATCH This Month

Pajbot is a Twitch chat bot. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pajbot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-25930 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Horizon Meridian
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-3438 HIGH This Week

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Privilege Escalation HP Color Laser 150 4Zb94A +381
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-29258 HIGH This Week

An issue was discovered in Envoy 1.14.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-28683 HIGH This Week

An issue was discovered in Envoy through 1.71.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-27432 HIGH This Week

OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ua Net Legacy Ua Net Standard Stack
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-29691 HIGH PATCH This Week

IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Identity Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-29688 HIGH PATCH This Week

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-27434 HIGH This Week

Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Net Based Opc Ua Client Server Sdk
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-3480 HIGH PATCH This Week

A flaw was found in slapi-nis in versions before 0.56.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Slapi Nis Fedora
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-27461 HIGH This Week

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-27457 HIGH This Week

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20718 HIGH This Week

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mod Auth Openidc Fedora Essbase
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-20719 MEDIUM This Month

RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 and earlier allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Rfntps Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-22339 MEDIUM This Month

There is a denial of service vulnerability in some versions of ManageOne. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Manageone
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-23386 MEDIUM PATCH This Month

This affects the package dns-packet before 5.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dns Packet
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-29683 MEDIUM This Month

IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-29659 MEDIUM This Month

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Owncloud Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-27467 MEDIUM This Month

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Authentication Bypass X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-27465 MEDIUM This Month

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29692 MEDIUM PATCH This Month

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-3426 MEDIUM PATCH This Month

There's a flaw in Python 3's pydoc. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Fedora Debian Linux Software Collections +6
NVD
CVSS 3.1
5.7
EPSS
1.9%
CVE-2021-22409 MEDIUM This Month

There is a denial of service vulnerability in some versions of ManageOne. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Manageone
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-29687 MEDIUM This Month

IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-29682 MEDIUM This Month

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-27463 MEDIUM This Month

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-3536 MEDIUM PATCH This Month

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Quarkus Data Grid Descision Manager Integration Camel K +5
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy