Skip to main content
CVE-2021-21280 CRITICAL POC PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-3604 CRITICAL POC Act Now

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Secure 8
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-33576 CRITICAL POC Act Now

An issue was discovered in Cleo LexiCom 5.5.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lexicom
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-33824 HIGH POC This Week

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mgate Mb3180 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-33823 HIGH POC This Week

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mgate Mb3180 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-33822 HIGH POC This Week

An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 4Gee Router Hh70Vb Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-33820 HIGH POC This Week

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Information Disclosure Camera G3 Flex Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-33818 HIGH POC This Week

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Denial Of Service Camera G3 Flex Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-26835 MEDIUM POC This Month

No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zettlr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-31272 CRITICAL PATCH Act Now

SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Path Traversal Serenityos
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-21281 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-21282 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-21669 CRITICAL PATCH Act Now

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Generic Webhook Trigger
NVD
CVSS 3.1
9.8
EPSS
25.7%
CVE-2021-26834 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Znote
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33347 MEDIUM POC This Month

An issue was discovered in JPress v3.3.0 and below. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33577 MEDIUM POC This Month

An issue was discovered in Cleo LexiCom 5.5.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lexicom
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-21410 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-23845 HIGH This Week

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass B426 Firmware B426 Cn Firmware B429 Cn Firmware B426 M Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-34815 MEDIUM POC This Month

CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Canopy
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-34810 HIGH This Week

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE Privilege Escalation Download Station
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-34809 HIGH This Week

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE Command Injection Download Station
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-33186 HIGH This Week

SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Serenityos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33185 HIGH This Week

SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Serenityos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31664 HIGH This Week

RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-31663 HIGH PATCH This Week

RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-31662 HIGH PATCH This Week

RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-31661 HIGH PATCH This Week

RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-31660 HIGH PATCH This Week

RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-21279 HIGH This Week

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Contiki Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-21257 HIGH PATCH This Week

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-34812 HIGH This Week

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology PHP Authentication Bypass Calendar
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-32954 MEDIUM This Month

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webaccess Scada
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2021-32956 MEDIUM This Month

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Webaccess Scada
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-32536 MEDIUM This Month

The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mcusystem
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-23846 MEDIUM This Month

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure B426 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2021-21997 MEDIUM PATCH This Month

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure VMware Tools
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-32696 MEDIUM PATCH This Month

The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js XSS Striptags
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-34808 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology SSRF Media Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-34811 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-34553 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy