Skip to main content
CVE-2021-33879 HIGH POC This Week

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Gameloop
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-32198 CRITICAL Act Now

EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which results in many. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Zoc
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-33881 MEDIUM POC This Month

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Mifare Ultralight Ev1 Firmware Mifare Ultralight C Firmware Mifare Ultralight Nano Firmware Ntag 210 Firmware +4
NVD
CVSS 3.1
4.2
EPSS
0.4%
CVE-2021-33898 HIGH PATCH This Week

In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE PHP Invoice Ninja
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2021-31701 HIGH This Week

Mintty before 3.4.7 mishandles Bracketed Paste Mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mintty
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-33880 MEDIUM PATCH This Month

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Websockets Communications Cloud Native Core Policy Communications Cloud Native Core Security Edge Protection Proxy +2
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy