Skip to main content
CVE-2021-21777 CRITICAL POC Act Now

An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Opener
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2021-23396 CRITICAL POC Act Now

All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Lutils
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-34825 HIGH POC This Week

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quassel Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-32078 HIGH POC PATCH This Week

An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-32426 MEDIUM POC This Month

In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tw100 S4W1Ca Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33557 MEDIUM POC PATCH This Month

An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mantisbt
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-32694 MEDIUM POC PATCH This Month

Nextcloud Android app is the Android client for Nextcloud. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Nextcloud Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-32681 MEDIUM POC PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python XSS Wagtail
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-32693 HIGH PATCH This Week

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Symfony
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-32424 HIGH This Week

In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tw100 S4W1Ca Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-3603 HIGH PATCH This Week

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Code Injection Phpmailer Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
2.3%
CVE-2021-32952 HIGH PATCH This Week

An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Drawings Sdk Comos Jt2Go +1
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-32948 HIGH PATCH This Week

An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Drawings Sdk Comos Jt2Go +1
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-32944 HIGH PATCH This Week

A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow RCE Memory Corruption Drawings Sdk +3
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-32936 HIGH PATCH This Week

An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Drawings Sdk Comos Jt2Go +1
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-32946 HIGH PATCH This Week

An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Drawings Sdk Comos Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-0143 HIGH This Week

Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Brand Verification Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32582 HIGH This Week

An issue was discovered in ConnectWise Automate before 2021.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Connectwise Automate
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-32695 LOW POC PATCH Monitor

Nextcloud Android app is the Android client for Nextcloud. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
3.3
EPSS
0.9%
CVE-2021-29706 HIGH PATCH This Week

IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

IBM Denial Of Service Aix
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-32950 HIGH PATCH This Week

An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Drawings Sdk Comos Jt2Go +1
NVD
CVSS 3.1
7.1
EPSS
2.1%
CVE-2021-32940 HIGH PATCH This Week

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Drawings Sdk Comos Jt2Go +1
NVD
CVSS 3.1
7.1
EPSS
2.1%
CVE-2021-32938 HIGH PATCH This Week

Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Drawings Sdk Comos Jt2Go +1
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2021-32575 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-31521 MEDIUM PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-31818 MEDIUM This Month

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Server
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy