Skip to main content
CVE-2021-31921 CRITICAL POC Act Now

Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Istio
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-30474 CRITICAL PATCH Act Now

aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Aomedia
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-26707 CRITICAL PATCH Act Now

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Node.js Information Disclosure Merge Deep E Series Performance Analyzer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-3538 CRITICAL PATCH Act Now

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uuid
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-3520 CRITICAL PATCH Act Now

There's a flaw in lz4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Lz4 Active Iq Unified Manager Cloud Backup +4
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-29089 CRITICAL Act Now

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology SQLi Photo Station
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25288 CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2021-25287 CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy