Skip to main content
CVE-2021-25949 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Set Getter
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-25948 CRITICAL POC Act Now

Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Expand Hash
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-31659 HIGH POC This Week

TP-Link TL-SG2005, TL-SG2008, etc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link Tl Sg2005 Firmware Tl Sg2008 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-26195 HIGH POC This Week

An issue was discovered in JerryScript 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jerryscript
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-31658 HIGH POC This Week

TP-Link TL-SG2005, TL-SG2008, etc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Denial Of Service Tl Sg2005 Firmware Tl Sg2008 Firmware
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-31998 HIGH POC This Week

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Inn
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25322 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python Privilege Escalation Python Hyperkitty
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-34555 HIGH POC PATCH This Week

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Opendmarc Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-31538 HIGH POC This Week

LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lcos Fx
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-23024 HIGH POC This Week

On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Big Iq Centralized Management
NVD
CVSS 3.1
7.2
EPSS
5.3%
CVE-2021-20081 HIGH POC THREAT This Week

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus
NVD
CVSS 3.1
7.2
EPSS
52.4%
CVE-2021-34546 MEDIUM POC This Month

An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Netsetman
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2021-26199 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26198 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26197 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26194 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26691 CRITICAL PATCH Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apache Http Server Debian Linux +6
NVD
CVSS 3.1
9.8
EPSS
68.1%
CVE-2021-27347 MEDIUM POC This Month

Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-27345 MEDIUM POC This Month

A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-34363 CRITICAL PATCH Act Now

The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Path Traversal The Fuck Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2021-31928 HIGH This Week

Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Loyalty Experience Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-21665 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Xebialabs Xl Deploy
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-34557 MEDIUM POC PATCH This Month

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Xscreensaver Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2021-34547 MEDIUM POC This Month

PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Prtg Network Monitor
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-23022 HIGH This Week

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-23023 HIGH This Week

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3041 HIGH This Week

A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Paloalto Cortex Xdr Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31997 HIGH This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Python Privilege Escalation Python Postorius
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26690 HIGH This Week

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Apache Denial Of Service Http Server Debian Linux +4
NVD
CVSS 3.1
7.5
EPSS
65.1%
CVE-2021-31840 HIGH This Week

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Mcafee Agent
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-3588 LOW POC Monitor

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bluez
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2021-3040 HIGH This Week

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Hashicorp Bridgecrew Checkov
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-21736 HIGH This Week

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Privilege Escalation Zxhn Hs562 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-34539 HIGH This Week

An issue was discovered in CubeCoders AMP before 2.1.1.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Java Amp
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-21735 MEDIUM This Month

A ZTE product has an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H168N Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-20329 MEDIUM PATCH This Month

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Go Driver
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21664 MEDIUM PATCH This Month

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Xebialabs Xl Deploy
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21666 MEDIUM PATCH This Month

Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Kiuwan
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-20293 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Resteasy Oncommand Insight
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-30641 MEDIUM This Month

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Http Server Debian Linux Fedora +3
NVD
CVSS 3.1
5.3
EPSS
52.3%
CVE-2021-31927 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Loyalty Experience Platform
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-21663 MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xebialabs Xl Deploy
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21662 MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xebialabs Xl Deploy
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21661 MEDIUM PATCH This Month

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-31929 MEDIUM This Month

Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Loyalty Experience Platform
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-3039 LOW Monitor

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Prisma Cloud
NVD
CVSS 3.1
3.8
EPSS
0.5%
CVE-2021-31839 LOW Monitor

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Agent
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-33031 LOW Monitor

In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Labcup
NVD GitHub
CVSS 3.1
3.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy