Skip to main content
CVE-2021-21985 CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-33470 CRITICAL POC Act Now

COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Covid19 Testing Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-25945 CRITICAL POC Act Now

Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Js Extend
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-22543 HIGH POC This Week

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. Rated high severity (CVSS 8.7). Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Kernel Fedora Debian Linux +10
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2021-30498 HIGH POC This Week

A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libcaca Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-30472 HIGH POC This Week

A flaw was found in PoDoFo 0.9.7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-32457 HIGH POC This Week

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Trend Micro Home Network Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-33038 HIGH POC PATCH This Week

An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Hyperkitty Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-25217 HIGH POC PATCH This Week

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Dhcp Fedora Debian Linux Ruggedcom Rox Rx1400 Firmware +12
NVD
CVSS 3.1
7.4
EPSS
6.1%
CVE-2021-3561 HIGH POC PATCH This Week

An Out of Bounds flaw was found fig2dev version 3.2.8a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Fig2Dev Fedora Debian Linux
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2021-20196 MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3486 MEDIUM POC This Month

GLPi 9.5.4 does not sanitize the metadata. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-22738 CRITICAL Act Now

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-22737 CRITICAL Act Now

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-22731 CRITICAL PATCH Act Now

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mcsesp083F23G0 Firmware Mcsesp083F23G0T Firmware Mcsesm043F23F0 Firmware Mcsesm053F1Cu0 Firmware +12
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-21986 CRITICAL Act Now

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Vcenter Server Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
12.9%
CVE-2021-22160 CRITICAL PATCH Act Now

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Pulsar
NVD
CVSS 3.1
9.8
EPSS
52.9%
CVE-2021-30471 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30470 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30469 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Podofo Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-28170 MEDIUM POC PATCH This Month

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jakarta Expression Language Quarkus Communications Cloud Native Core Policy Weblogic Server
NVD GitHub
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-26678 HIGH This Week

vFairs 3.3 is affected by Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Vfairs
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-20487 CRITICAL Act Now

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Jwt Attack Power9 System Firmware Scale Out Lc System Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2020-26677 HIGH This Week

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Vfairs
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-33469 MEDIUM POC This Month

COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Covid19 Testing Management System
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-20492 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Java Websphere Application Server
NVD
CVSS 3.1
8.2
EPSS
2.1%
CVE-2021-22733 HIGH This Week

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22732 HIGH This Week

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22705 HIGH PATCH This Week

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Authentication Bypass Vijeo Designer Ecostruxure Machine Expert
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22736 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-22699 HIGH This Week

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M241 Firmware Modicon M251 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33506 HIGH PATCH This Week

jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Jitsi Meet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-33194 HIGH PATCH This Week

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Go Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
7.3%
CVE-2021-22735 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-22734 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-32614 HIGH This Week

A flaw was found in dmg2img through 20170502. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Dmg2Img
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-3549 HIGH PATCH This Week

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Binutils
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-3548 HIGH This Week

A flaw was found in dmg2img through 20170502. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Dmg2Img
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-31924 MEDIUM This Month

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pam U2F Fedora
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-22741 MEDIUM PATCH This Month

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Clearscada Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-22740 MEDIUM This Month

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-20486 MEDIUM PATCH This Month

IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26034 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-26033 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-26032 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-22739 MEDIUM This Month

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-27676 MEDIUM PATCH This Month

Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Centreon
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-3527 MEDIUM PATCH This Month

A flaw was found in the USB redirector device (usb-redir) of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-20297 MEDIUM PATCH This Month

A flaw was found in NetworkManager in versions before 1.30.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Networkmanager Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20191 MEDIUM PATCH This Month

A flaw was found in ansible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtualization Ansible Ansible Tower Cisco Nx Os Collection +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy