Skip to main content
CVE-2021-27200 CRITICAL POC Act Now

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Wowonder
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-21833 CRITICAL POC Act Now

An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-21824 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-21795 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-22175 CRITICAL POC KEV THREAT Act Now

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
9.8
EPSS
53.4%
CVE-2021-21382 CRITICAL POC Act Now

Restund is an open source NAT traversal server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Restund
NVD GitHub
CVSS 3.1
9.6
EPSS
1.5%
CVE-2021-21808 HIGH POC This Week

A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-26828 HIGH POC KEV PATCH THREAT This Week

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft File Upload Scadabr
NVD GitHub
CVSS 3.1
8.8
EPSS
39.1%
CVE-2021-22901 HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption RCE Curl +25
NVD GitHub
CVSS 3.1
8.1
EPSS
60.1%
CVE-2021-28210 HIGH POC This Week

An unlimited recursion in DxeCore in EDK II. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edk2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25414 HIGH POC This Week

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25684 HIGH POC This Week

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25683 HIGH POC This Week

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25682 HIGH POC This Week

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-22904 HIGH POC PATCH This Week

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rails
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2021-22902 HIGH POC PATCH This Week

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rails
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-25410 HIGH POC This Week

Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-28211 MEDIUM POC This Month

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-3256 MEDIUM POC This Month

KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Kuaifancms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-22912 MEDIUM POC This Month

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22906 MEDIUM POC This Month

Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Denial Of Service End To End Encryption
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-22905 MEDIUM POC This Month

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-34540 MEDIUM POC This Month

Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webaccess
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-25387 CRITICAL Act Now

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2021-22768 CRITICAL Act Now

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Powerlogic Egx100 Firmware Powerlogic Egx300 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22767 CRITICAL Act Now

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Powerlogic Egx100 Firmware Powerlogic Egx300 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22765 CRITICAL Act Now

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Powerlogic Egx100 Firmware Powerlogic Egx300 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-22895 MEDIUM POC PATCH This Month

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Nextcloud Information Disclosure Desktop Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-22763 CRITICAL Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerlogic Pm5560 Firmware Powerlogic Pm5561 Firmware Powerlogic Pm5562 Firmware Powerlogic Pm5563 Firmware +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2021-32930 CRITICAL Act Now

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Iview
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2021-27410 CRITICAL Act Now

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Connex Central Station Connex Device Integration Suite Network Connectivity Engine +7
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-0474 CRITICAL PATCH Act Now

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-22915 CRITICAL Act Now

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-25386 CRITICAL Act Now

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-25385 CRITICAL Act Now

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-25384 CRITICAL Act Now

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-25383 CRITICAL Act Now

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-3013 CRITICAL PATCH Act Now

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Ripgrep
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25413 MEDIUM POC This Month

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25397 MEDIUM POC This Month

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25393 MEDIUM POC This Month

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25392 MEDIUM POC This Month

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22897 MEDIUM POC PATCH This Month

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function +18
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-26829 MEDIUM POC KEV THREAT This Month

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Scadabr
NVD
CVSS 3.1
5.4
EPSS
48.0%
CVE-2021-24035 CRITICAL Act Now

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-0475 HIGH PATCH This Week

In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-0473 HIGH PATCH This Week

In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-23140 HIGH This Week

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-29754 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-25424 HIGH This Week

Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Watch Active 2 Firmware Galaxy Watch Active Firmware Galaxy Watch Firmware Galaxy Watch 3 Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy