Skip to main content
CVE-2021-21809 CRITICAL POC THREAT Emergency

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Moodle
NVD
CVSS 3.1
9.1
EPSS
24.2%
CVE-2021-35438 MEDIUM POC This Month

phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-21998 CRITICAL PATCH Act Now

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Carbon Black App Control
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-27649 CRITICAL Act Now

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology RCE Memory Corruption Use After Free Denial Of Service +2
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-34071 MEDIUM POC This Month

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-34070 MEDIUM POC This Month

Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34069 MEDIUM POC This Month

Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34068 MEDIUM POC This Month

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34067 MEDIUM POC This Month

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-2322 HIGH This Week

Vulnerability in OpenGrok (component: Web App). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Opengrok
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-31586 HIGH This Week

Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Kiteworks
NVD GitHub
CVSS 3.1
8.8
EPSS
44.1%
CVE-2021-33624 MEDIUM POC PATCH This Month

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory. Rated medium severity (CVSS 4.7). Public exploit code available.

Linux Memory Corruption Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.9%
CVE-2021-21999 HIGH PATCH This Week

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft OpenSSL VMware App Volumes +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-20019 HIGH This Week

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29620 HIGH PATCH This Week

Report portal is an open source reporting and analysis framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Service Api
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-29087 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Path Traversal Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29086 HIGH This Week

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Information Disclosure Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-29085 HIGH This Week

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Code Injection Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-29084 HIGH This Week

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Code Injection Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-28976 HIGH POC This Week

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Getsimplecms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
7.5%
CVE-2021-31585 MEDIUM This Month

Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kiteworks
NVD GitHub
CVSS 3.1
6.7
EPSS
0.9%
CVE-2021-35210 MEDIUM PATCH This Month

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contao
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-28977 MEDIUM This Month

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Getsimplecms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy