Skip to main content
CVE-2021-32637 CRITICAL POC PATCH Act Now

Authelia is a a single sign-on multi-factor portal for web apps. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Authentication Bypass Authelia
NVD GitHub
CVSS 3.1
10.0
EPSS
1.9%
CVE-2021-32621 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-29505 HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java Xstream Debian Linux +15
NVD GitHub
CVSS 3.1
8.8
EPSS
77.7%
CVE-2021-29628 HIGH POC This Week

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freebsd
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-15782 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Information Disclosure Simatic Driver Controller Firmware S7 1200 Cpu Firmware S7 1500 Cpu Firmware +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2021-32619 CRITICAL PATCH Act Now

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Deno
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-22519 CRITICAL Act Now

Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sitescope
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-20236 CRITICAL PATCH Act Now

A flaw was found in the ZeroMQ server in versions before 4.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zeromq Ceph Storage Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-20195 CRITICAL PATCH Act Now

A flaw was found in keycloak in versions before 13.0.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Keycloak
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2021-32642 CRITICAL Act Now

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Radsecproxy Fedora
NVD GitHub
CVSS 3.1
9.4
EPSS
1.3%
CVE-2021-20201 MEDIUM POC This Month

A flaw was found in spice in versions before 0.14.92. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Spice Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2021-32620 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-33591 HIGH This Week

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Comic Viewer
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-20240 HIGH PATCH This Week

A flaw was found in gdk-pixbuf in versions before 2.42.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Gdk Pixbuf Fedora
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-29492 HIGH This Week

Envoy is a cloud-native edge/middle/service proxy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
68.4%
CVE-2021-27032 HIGH This Week

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Licensing Services
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33587 HIGH PATCH This Week

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Css What E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-33623 HIGH PATCH This Week

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Trim Newlines E Series Performance Analyzer Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-29629 HIGH This Week

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-20237 HIGH PATCH This Week

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libzmq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32646 HIGH PATCH This Week

Roomer is a discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Dav Cogs
NVD GitHub
CVSS 3.1
7.3
EPSS
0.7%
CVE-2021-20267 HIGH PATCH This Week

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Neutron Openstack Platform
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-20292 MEDIUM PATCH This Month

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Privilege Escalation Memory Corruption Linux Kernel +3
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2021-29507 MEDIUM This Month

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Diagnostic Log And Trace
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-3514 MEDIUM This Month

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service 389 Directory Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-33620 MEDIUM PATCH This Month

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Squid Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
79.6%
CVE-2021-21734 MEDIUM This Month

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxa10 F821 Firmware Zxa10 F822 Firmware Zxa10 F819 Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20278 MEDIUM PATCH This Month

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kiali
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-32635 MEDIUM PATCH This Month

Singularity is an open source container platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.1
6.3
EPSS
1.4%
CVE-2021-32616 MEDIUM PATCH This Month

1CDN is open-source file sharing software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS 1Cdn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-32542 MEDIUM This Month

The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cts Web
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-32543 MEDIUM This Month

The CTS Web transaction system related to authentication management is implemented incorrectly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cts Web
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-32540 MEDIUM This Month

Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 101Eip
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32539 MEDIUM This Month

Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 101Eip
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32541 MEDIUM This Month

The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cts Web
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-20239 LOW Monitor

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy