Skip to main content
CVE-2021-32243 HIGH POC This Week

FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fogproject
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-34202 HIGH POC This Week

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE D-Link Memory Corruption Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
4.4%
CVE-2021-34203 HIGH POC This Week

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-32612 HIGH POC This Week

The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Veryfitpro
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-33813 HIGH POC PATCH THREAT This Week

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service XXE Jdom Solr Tika +3
NVD GitHub
CVSS 3.1
7.5
EPSS
19.4%
CVE-2021-20094 HIGH POC PATCH This Week

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Codemeter Pss Cape +1
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2021-34201 HIGH POC This Week

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-27489 HIGH This Week

ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Defibrillator Dashboard
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-32690 HIGH PATCH This Week

Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
8.6
EPSS
1.4%
CVE-2021-34551 HIGH PATCH This Week

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft File Upload RCE Phpmailer Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
2.8%
CVE-2021-1542 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco XSS Authentication Bypass Sf220 24 Firmware Sf220 24P Firmware +7
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-31476 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
6.4%
CVE-2021-34803 HIGH This Week

TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Teamviewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-27483 HIGH This Week

ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Defibrillator Dashboard
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29702 HIGH PATCH This Week

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-20566 HIGH PATCH This Week

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22914 HIGH This Week

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloud Connector
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-27485 HIGH This Week

ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Defibrillator Dashboard
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-30468 HIGH PATCH This Week

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Cxf Tomee Business Intelligence +2
NVD
CVSS 3.1
7.5
EPSS
7.0%
CVE-2021-21441 HIGH This Week

There is a XSS vulnerability in the ticket overview screens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1566 HIGH This Week

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Email Security Appliance Asyncos Web Security Appliance
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2021-31477 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Reason Rpv311 Firmware
NVD
CVSS 3.1
7.3
EPSS
2.6%
CVE-2021-1541 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Authentication Bypass Sf220 24 Firmware Sf220 24P Firmware +7
NVD
CVSS 3.1
7.2
EPSS
8.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy