Skip to main content
CVE-2021-33346 CRITICAL POC Act Now

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2888A Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-31649 CRITICAL POC Act Now

In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Redis Jfinal
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-29954 CRITICAL POC Act Now

Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hubs Cloud Reticulum
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-23999 HIGH POC This Week

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-25923 HIGH POC PATCH This Week

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Brute Force Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-35448 HIGH POC This Week

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Emote Interactive Studio
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29950 HIGH POC This Week

Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-35041 HIGH POC This Week

The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fisco Bcos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-23991 MEDIUM POC This Month

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2021-33348 MEDIUM POC PATCH This Month

An issue was discovered in JFinal framework v4.9.10 and below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23398 MEDIUM POC This Month

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS React Bootstrap Table
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-28800 CRITICAL Act Now

A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qts
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-32704 HIGH This Week

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dhis 2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-29967 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-29966 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 88. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29947 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 87. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-29946 HIGH This Week

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Integer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-24002 HIGH This Week

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23997 HIGH This Week

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-23995 HIGH This Week

When Responsive Design Mode was enabled, it used references to objects that were previously freed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23994 HIGH This Week

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-25650 HIGH This Week

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aura Utility Services
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-29957 MEDIUM POC This Month

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-29956 MEDIUM POC This Month

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-32708 HIGH PATCH This Week

Flysystem is an open source file storage library for PHP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE PHP Flysystem Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
3.5%
CVE-2021-29968 HIGH This Week

When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-3500 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32493 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-32492 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32491 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32490 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-33004 HIGH This Week

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-33002 HIGH This Week

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-33000 HIGH This Week

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29949 HIGH This Week

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25653 HIGH This Week

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aura Appliance Virtualization Platform
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25651 HIGH This Week

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aura Utility Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-32823 LOW POC PATCH Monitor

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Bindata Gitlab
NVD GitHub
CVSS 3.1
3.7
EPSS
1.9%
CVE-2021-32717 HIGH PATCH This Week

Shopware is an open source eCommerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-32711 HIGH PATCH This Week

Shopware is an open source eCommerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-32710 HIGH PATCH This Week

Shopware is an open source eCommerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-29703 HIGH PATCH This Week

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-21574 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-21573 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-21572 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Heap Overflow Dell RCE Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-29952 HIGH This Week

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google RCE Race Condition Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-21737 HIGH This Week

A smart STB product of ZTE is impacted by a permission and access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation Zxv10 B860H V5 0 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-29964 HIGH This Week

A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Mozilla Firefox +2
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2021-29777 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-20579 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
6.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy