Skip to main content
CVE-2021-33879 HIGH POC This Week

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Gameloop
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-33898 HIGH PATCH This Week

In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE PHP Invoice Ninja
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2021-31701 HIGH This Week

Mintty before 3.4.7 mishandles Bracketed Paste Mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mintty
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy