Skip to main content
CVE-2021-33514 CRITICAL POC Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Gc108P Firmware Gc108Pp Firmware Gs108T Firmware +14
NVD
CVSS 3.1
9.8
EPSS
8.8%
CVE-2021-32633 HIGH POC PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Path Traversal Plone Zope
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-32032 HIGH POC PATCH This Week

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trusted Firmware M
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-33500 HIGH POC This Week

PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Putty
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-27811 HIGH POC This Week

A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Qibosoft
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-33509 CRITICAL PATCH Act Now

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Information Disclosure Plone
NVD
CVSS 3.1
9.9
EPSS
2.0%
CVE-2021-31474 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Network Performance Monitor
NVD
CVSS 3.1
9.8
EPSS
94.4%
CVE-2021-21552 HIGH PATCH This Week

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Dell Microsoft Authentication Bypass Windows 10
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-21549 HIGH This Week

Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dell Xtremio Management Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-31475 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Orion Job Scheduler
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2021-31439 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology Heap Overflow RCE Diskstation Manager +2
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-31473 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2021-33511 HIGH PATCH This Week

Plone though 5.2.4 allows SSRF via the lxml parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Plone
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-28798 HIGH This Week

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qnap Qts Quts Hero
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-32634 HIGH PATCH This Week

Emissary is a distributed, peer-to-peer, data-driven workflow framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java Emissary
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-31440 HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. Rated high severity (CVSS 7.0).

Linux RCE Linux Kernel Solidfire Baseboard Management Controller Firmware Cloud Backup +7
NVD
CVSS 3.1
7.0
EPSS
1.8%
CVE-2021-33507 MEDIUM PATCH This Month

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plone Zope
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29414 MEDIUM This Month

STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stm32Cubel4 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-29415 MEDIUM This Month

The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nrf52840 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-33513 MEDIUM PATCH This Month

Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33512 MEDIUM PATCH This Month

Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33508 MEDIUM PATCH This Month

Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-29681 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-33510 MEDIUM PATCH This Month

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Plone
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy