Skip to main content
CVE-2021-31659 HIGH POC This Week

TP-Link TL-SG2005, TL-SG2008, etc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link Tl Sg2005 Firmware Tl Sg2008 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-26195 HIGH POC This Week

An issue was discovered in JerryScript 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jerryscript
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-31658 HIGH POC This Week

TP-Link TL-SG2005, TL-SG2008, etc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Denial Of Service Tl Sg2005 Firmware Tl Sg2008 Firmware
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-31998 HIGH POC This Week

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Inn
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25322 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python Privilege Escalation Python Hyperkitty
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-34555 HIGH POC PATCH This Week

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Opendmarc Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-31538 HIGH POC This Week

LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lcos Fx
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-23024 HIGH POC This Week

On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Big Iq Centralized Management
NVD
CVSS 3.1
7.2
EPSS
5.3%
CVE-2021-20081 HIGH POC THREAT This Week

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus
NVD
CVSS 3.1
7.2
EPSS
52.4%
CVE-2021-31928 HIGH This Week

Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Loyalty Experience Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-21665 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Xebialabs Xl Deploy
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-23022 HIGH This Week

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-23023 HIGH This Week

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3041 HIGH This Week

A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Paloalto Cortex Xdr Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31997 HIGH This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Python Privilege Escalation Python Postorius
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26690 HIGH This Week

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Apache Denial Of Service Http Server Debian Linux +4
NVD
CVSS 3.1
7.5
EPSS
65.1%
CVE-2021-31840 HIGH This Week

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Mcafee Agent
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-3040 HIGH This Week

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Hashicorp Bridgecrew Checkov
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-21736 HIGH This Week

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Privilege Escalation Zxhn Hs562 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-34539 HIGH This Week

An issue was discovered in CubeCoders AMP before 2.1.1.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Java Amp
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy