Skip to main content
CVE-2021-22543 HIGH POC This Week

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. Rated high severity (CVSS 8.7). Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Kernel Fedora Debian Linux +10
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2021-30498 HIGH POC This Week

A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libcaca Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-30472 HIGH POC This Week

A flaw was found in PoDoFo 0.9.7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-32457 HIGH POC This Week

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Trend Micro Home Network Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-33038 HIGH POC PATCH This Week

An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Hyperkitty Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-25217 HIGH POC PATCH This Week

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Dhcp Fedora Debian Linux Ruggedcom Rox Rx1400 Firmware +12
NVD
CVSS 3.1
7.4
EPSS
6.1%
CVE-2021-3561 HIGH POC PATCH This Week

An Out of Bounds flaw was found fig2dev version 3.2.8a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Fig2Dev Fedora Debian Linux
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2020-26678 HIGH This Week

vFairs 3.3 is affected by Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Vfairs
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-26677 HIGH This Week

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Vfairs
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-20492 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Java Websphere Application Server
NVD
CVSS 3.1
8.2
EPSS
2.1%
CVE-2021-22733 HIGH This Week

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22732 HIGH This Week

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22705 HIGH PATCH This Week

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Authentication Bypass Vijeo Designer Ecostruxure Machine Expert
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22736 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-22699 HIGH This Week

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M241 Firmware Modicon M251 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33506 HIGH PATCH This Week

jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Jitsi Meet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-33194 HIGH PATCH This Week

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Go Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
7.3%
CVE-2021-22735 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-22734 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-32614 HIGH This Week

A flaw was found in dmg2img through 20170502. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Dmg2Img
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-3549 HIGH PATCH This Week

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Binutils
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-3548 HIGH This Week

A flaw was found in dmg2img through 20170502. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Dmg2Img
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy