Skip to main content
CVE-2021-23999 HIGH POC This Week

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-25923 HIGH POC PATCH This Week

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Brute Force Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-35448 HIGH POC This Week

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Emote Interactive Studio
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29950 HIGH POC This Week

Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-35041 HIGH POC This Week

The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fisco Bcos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-32704 HIGH This Week

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dhis 2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-29967 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-29966 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 88. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29947 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 87. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-29946 HIGH This Week

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Integer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-24002 HIGH This Week

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23997 HIGH This Week

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-23995 HIGH This Week

When Responsive Design Mode was enabled, it used references to objects that were previously freed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23994 HIGH This Week

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-25650 HIGH This Week

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aura Utility Services
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-32708 HIGH PATCH This Week

Flysystem is an open source file storage library for PHP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE PHP Flysystem Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
3.5%
CVE-2021-29968 HIGH This Week

When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-3500 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32493 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-32492 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32491 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32490 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-33004 HIGH This Week

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-33002 HIGH This Week

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-33000 HIGH This Week

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29949 HIGH This Week

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25653 HIGH This Week

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aura Appliance Virtualization Platform
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25651 HIGH This Week

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aura Utility Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-32717 HIGH PATCH This Week

Shopware is an open source eCommerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-32711 HIGH PATCH This Week

Shopware is an open source eCommerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-32710 HIGH PATCH This Week

Shopware is an open source eCommerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-29703 HIGH PATCH This Week

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-21574 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-21573 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-21572 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Heap Overflow Dell RCE Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-29952 HIGH This Week

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google RCE Race Condition Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-21737 HIGH This Week

A smart STB product of ZTE is impacted by a permission and access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation Zxv10 B860H V5 0 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-29964 HIGH This Week

A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Mozilla Firefox +2
NVD
CVSS 3.1
7.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy