Skip to main content
CVE-2021-34813 CRITICAL POC PATCH Act Now

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Olm
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2021-20093 CRITICAL POC PATCH THREAT Act Now

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Codemeter Pss Cape Sicam 230 Firmware +7
NVD
CVSS 3.1
9.1
EPSS
33.3%
CVE-2021-32243 HIGH POC This Week

FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fogproject
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-34202 HIGH POC This Week

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE D-Link Memory Corruption Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
4.4%
CVE-2021-34203 HIGH POC This Week

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-32612 HIGH POC This Week

The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Veryfitpro
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-33813 HIGH POC PATCH THREAT This Week

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service XXE Jdom Solr Tika +3
NVD GitHub
CVSS 3.1
7.5
EPSS
19.4%
CVE-2021-20094 HIGH POC PATCH This Week

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Codemeter Pss Cape +1
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2021-34201 HIGH POC This Week

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-34204 MEDIUM POC This Month

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
1.4%
CVE-2021-32623 MEDIUM POC PATCH This Month

Opencast is a free and open source solution for automated video capture and distribution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-32691 CRITICAL PATCH Act Now

Apollos Apps is an open source platform for launching church-related apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Data Connector Rock
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-27610 CRITICAL Act Now

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-32928 CRITICAL Act Now

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sentinel Ldk Run Time Environment
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-32685 CRITICAL PATCH Act Now

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Jwt Attack Tenvoy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-32245 MEDIUM POC This Month

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Pagekit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32244 MEDIUM POC This Month

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moodle
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-34801 MEDIUM POC This Month

Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Valine
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-31159 MEDIUM POC THREAT This Month

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus Msp
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
17.8%
CVE-2021-27489 HIGH This Week

ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Defibrillator Dashboard
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-32690 HIGH PATCH This Week

Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
8.6
EPSS
1.4%
CVE-2021-32033 MEDIUM POC This Month

Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Slim Nfc 70 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2021-34551 HIGH PATCH This Week

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft File Upload RCE Phpmailer Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
2.8%
CVE-2021-1542 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco XSS Authentication Bypass Sf220 24 Firmware Sf220 24P Firmware +7
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-31476 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
6.4%
CVE-2021-34803 HIGH This Week

TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Teamviewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-27483 HIGH This Week

ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Defibrillator Dashboard
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29702 HIGH PATCH This Week

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-20566 HIGH PATCH This Week

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22914 HIGH This Week

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloud Connector
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-27485 HIGH This Week

ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Defibrillator Dashboard
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-30468 HIGH PATCH This Week

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Cxf Tomee Business Intelligence +2
NVD
CVSS 3.1
7.5
EPSS
7.0%
CVE-2021-21441 HIGH This Week

There is a XSS vulnerability in the ticket overview screens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1566 HIGH This Week

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Email Security Appliance Asyncos Web Security Appliance
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2021-31477 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Reason Rpv311 Firmware
NVD
CVSS 3.1
7.3
EPSS
2.6%
CVE-2021-1541 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Authentication Bypass Sf220 24 Firmware Sf220 24P Firmware +7
NVD
CVSS 3.1
7.2
EPSS
8.8%
CVE-2021-28979 MEDIUM This Month

SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safenet Keysecure
NVD VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-1567 MEDIUM This Month

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected. Rated medium severity (CVSS 6.7). No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1570 MEDIUM This Month

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Jabber
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-1569 MEDIUM This Month

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Jabber
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-1524 MEDIUM This Month

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meeting Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20488 MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20483 MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-32676 MEDIUM This Month

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nextcloud Session Fixation Talk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-1571 MEDIUM PATCH This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Cisco XSS Authentication Bypass Sf220 24 Firmware Sf220 24P Firmware +7
NVD
CVSS 3.1
6.1
EPSS
9.7%
CVE-2021-1543 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Authentication Bypass Sf220 24 Firmware Sf220 24P Firmware +7
NVD
CVSS 3.1
6.1
EPSS
9.3%
CVE-2021-1395 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Intelligence Center Packaged Contact Center Enterprise Unified Contact Center Enterprise +1
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3535 MEDIUM This Month

Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexpose
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-31857 MEDIUM This Month

In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zoho Information Disclosure Manageengine Password Manager Pro
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2021-1568 MEDIUM This Month

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy