Skip to main content
CVE-2021-31535 CRITICAL POC THREAT Act Now

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libx11 X Window System Fedora
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-22911 CRITICAL POC THREAT Act Now

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
95.2%
CVE-2021-33590 CRITICAL POC Act Now

GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gattlib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-31155 HIGH POC PATCH This Week

Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Umask
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-31154 HIGH POC PATCH This Week

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pleaseedit
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-30500 HIGH POC PATCH This Week

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference RCE Denial Of Service Upx Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-30499 HIGH POC This Week

A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-28651 HIGH POC PATCH This Week

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux Fedora Cloud Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2021-22892 HIGH POC This Week

An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-22885 HIGH POC PATCH This Week

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rails Actionpack Page Caching Debian Linux
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2021-33558 HIGH POC THREAT This Week

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boa
NVD GitHub
CVSS 3.1
7.5
EPSS
10.3%
CVE-2021-31808 MEDIUM POC PATCH This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Squid Debian Linux Cloud Manager +1
NVD GitHub
CVSS 3.1
6.5
EPSS
5.5%
CVE-2021-31806 MEDIUM POC PATCH THREAT This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux Fedora Cloud Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
95.8%
CVE-2021-31920 MEDIUM POC This Month

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Istio
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-3509 MEDIUM POC PATCH This Month

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat XSS Ceph Storage
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-27852 CRITICAL KEV THREAT Act Now

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Survey
NVD
CVSS 3.1
9.8
EPSS
31.9%
CVE-2021-22891 CRITICAL PATCH Act Now

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Authentication Bypass Sharefile Storagezones Controller
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-30501 MEDIUM POC PATCH This Month

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Upx Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-33394 MEDIUM POC PATCH This Month

Cubecart 6.4.2 allows Session Fixation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Session Fixation Cubecart
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-28652 MEDIUM POC PATCH This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
4.3%
CVE-2021-20026 HIGH This Week

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sonicwall Network Security Manager
NVD
CVSS 3.1
8.8
EPSS
11.6%
CVE-2021-22908 HIGH This Week

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
8.8
EPSS
69.4%
CVE-2021-22899 HIGH KEV THREAT This Week

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Command Injection RCE Connect Secure
NVD
CVSS 3.1
8.8
EPSS
22.3%
CVE-2021-22894 HIGH KEV THREAT This Week

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Code Injection Connect Secure
NVD
CVSS 3.1
8.8
EPSS
41.3%
CVE-2021-30465 HIGH PATCH This Week

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Microsoft Path Traversal Race Condition Runc Fedora
NVD GitHub
CVSS 3.1
8.5
EPSS
6.6%
CVE-2021-27490 HIGH This Week

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior are vulnerable to an out-of-bounds read, which may allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Crosscadware Keyshot +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-27496 HIGH This Week

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crosscadware Keyshot Solid Edge Se2020 Firmware Solid Edge Se2021 Firmware
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-27494 HIGH This Week

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Crosscadware Keyshot Solid Edge Se2020 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-27488 HIGH This Week

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Crosscadware Keyshot Solid Edge Se2020 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-22118 HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Spring Framework Commerce Guided Search Communications Brm Elastic Charging Engine +29
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-33200 HIGH PATCH This Week

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Privilege Escalation Memory Corruption Linux Kernel +11
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22907 HIGH This Week

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Authentication Bypass Workspace
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32458 HIGH This Week

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Trend Micro Home Network Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22359 HIGH This Week

There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service S5700 Firmware S6700 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22909 HIGH This Week

A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Edgemax Edgerouter Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-31153 LOW POC PATCH Monitor

please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Please
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2021-22900 HIGH KEV THREAT This Week

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
14.1%
CVE-2021-33408 MEDIUM This Month

Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Center
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-22411 MEDIUM This Month

There is an out-of-bounds write vulnerability in some Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Ngfw Module Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-28662 MEDIUM PATCH This Month

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
71.9%
CVE-2021-32459 MEDIUM This Month

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Authentication Bypass Home Network Security
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32645 MEDIUM PATCH This Month

Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Multi Tenant
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-20727 MEDIUM This Month

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zettlr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-31525 MEDIUM PATCH This Month

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Go Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
3.7%
CVE-2021-32643 MEDIUM PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Http4S
NVD GitHub
CVSS 3.1
5.8
EPSS
1.4%
CVE-2021-27492 MEDIUM This Month

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Crosscadware Keyshot Solid Edge Se2020 Firmware Solid Edge Se2021 Firmware
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2021-22364 MEDIUM This Month

There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G) . Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Denial Of Service Mate 30 Firmware Mate 30 5G Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-22362 MEDIUM This Month

There is an out of bounds write vulnerability in some Huawei products. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Cloudengine 12800 Firmware Cloudengine 5800 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-22360 MEDIUM This Month

There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Usg9500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-22358 MEDIUM This Month

There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.1
4.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy