Skip to main content
CVE-2021-25947 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Nestie
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-22333 CRITICAL Act Now

There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-33806 CRITICAL PATCH Act Now

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java Bdlib
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-28807 MEDIUM POC This Month

A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap XSS Q Center
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-33815 HIGH PATCH This Week

dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24023 HIGH This Week

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortiai Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-28812 HIGH This Week

A command injection vulnerability has been reported to affect certain versions of Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-32660 HIGH PATCH This Week

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Information Disclosure Backstage Techdocs Common
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-22335 HIGH This Week

There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Emui Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32460 HIGH This Week

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Maximum Security 2021
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32926 HIGH This Week

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micro800 Firmware Micrologix 1400 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-22336 HIGH This Week

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Code Injection Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22324 HIGH This Week

There is a Credentials Management Errors vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22322 HIGH This Week

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22317 HIGH This Week

There is an Information Disclosure vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22313 HIGH This Week

There is a Security Function vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20380 HIGH This Week

IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Advisor With Watson
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28848 HIGH PATCH This Week

Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Microsoft Denial Of Service Mintty
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-28847 HIGH This Week

MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Mobaxterm
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22334 HIGH This Week

There is an Improper Access Control vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2021-32923 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
7.4
EPSS
1.4%
CVE-2021-32661 HIGH PATCH This Week

Backstage is an open platform for building developer portals. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Information Disclosure Backstage Plugin Techdocs
NVD GitHub
CVSS 3.1
7.3
EPSS
1.2%
CVE-2021-22316 MEDIUM This Month

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-32666 MEDIUM PATCH This Month

wire-ios is the iOS version of Wire, an open-source secure messaging app. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apple Denial Of Service Wire
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-32662 MEDIUM PATCH This Month

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Backstage
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-32665 MEDIUM PATCH This Month

wire-ios is the iOS version of Wire, an open-source secure messaging app. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apple Information Disclosure Wire
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-26584 MEDIUM This Month

A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware Oneview For Vmware Vcenter
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-3569 MEDIUM PATCH This Month

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libtpms Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-31831 MEDIUM This Month

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Database Security
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-3469 MEDIUM This Month

Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Foreman
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-28806 MEDIUM This Month

A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap XSS Qts Quts Hero Qutscloud
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22337 MEDIUM This Month

There is an Information Disclosure vulnerability in Huawei Smartphone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-22325 MEDIUM This Month

There is an Information Disclosure vulnerability in Huawei Smartphone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-22130 MEDIUM This Month

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fortinet Denial Of Service +1
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-31830 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Database Security
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-22308 LOW Monitor

There is a Business Logic Errors vulnerability in Huawei Smartphone. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy