Skip to main content
CVE-2021-32621 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-29505 HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java Xstream Debian Linux +15
NVD GitHub
CVSS 3.1
8.8
EPSS
77.7%
CVE-2021-29628 HIGH POC This Week

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freebsd
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-32620 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-33591 HIGH This Week

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Comic Viewer
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-20240 HIGH PATCH This Week

A flaw was found in gdk-pixbuf in versions before 2.42.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Gdk Pixbuf Fedora
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-29492 HIGH This Week

Envoy is a cloud-native edge/middle/service proxy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
68.4%
CVE-2021-27032 HIGH This Week

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Licensing Services
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33587 HIGH PATCH This Week

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Css What E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-33623 HIGH PATCH This Week

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Trim Newlines E Series Performance Analyzer Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-29629 HIGH This Week

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-20237 HIGH PATCH This Week

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libzmq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32646 HIGH PATCH This Week

Roomer is a discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Dav Cogs
NVD GitHub
CVSS 3.1
7.3
EPSS
0.7%
CVE-2021-20267 HIGH PATCH This Week

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Neutron Openstack Platform
NVD
CVSS 3.1
7.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy