Skip to main content
CVE-2021-34427 CRITICAL POC THREAT Act Now

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Business Intelligence And Reporting Tools
NVD
CVSS 3.1
9.8
EPSS
57.7%
CVE-2021-34074 CRITICAL POC Act Now

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2021-34184 CRITICAL POC Act Now

Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Miniaudio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-35048 CRITICAL POC Act Now

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Deception Network
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-35049 HIGH POC This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2021-35047 HIGH POC This Week

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-34185 HIGH POC This Week

Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Miniaudio
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-35050 HIGH POC This Week

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deception Network
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-3314 MEDIUM POC This Month

Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oracle Glassfish Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-35502 CRITICAL PATCH Act Now

app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-28958 CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho RCE Command Injection Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.8
EPSS
73.1%
CVE-2020-26801 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Su2200Rtxl2Ua Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-35501 MEDIUM POC This Month

PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-33538 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-33537 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware +5
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-33535 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-33533 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-33532 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-33531 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-33530 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-33528 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-1073 HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.1
8.3
EPSS
0.9%
CVE-2021-33895 HIGH This Week

ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Backbox H4 09 Firmware Backbox E4 09 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-25654 HIGH This Week

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Aura Device Services
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-27043 HIGH This Week

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Advance Steel Autocad Autocad Architecture +8
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-27042 HIGH This Week

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Advance Steel Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-27041 HIGH This Week

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Advance Steel Autocad +11
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-33541 HIGH This Week

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ilc1X0 Firmware Ilc1X1 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-33536 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware +5
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33529 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-21005 HIGH This Week

In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Race Condition Fl Switch Smcs 16Tx Firmware Fl Switch Smcs 14Tx 2Fx Firmware Fl Switch Smcs 14Tx 2Fx Sm Firmware +12
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-21002 HIGH This Week

In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fl Comserver Uni 232 422 485 Firmware Fl Comserver Uni 232 422 485 T Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33540 HIGH This Week

In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Axl F Bk Pn Tps Xc Firmware Axl F Bk Pn Tps Firmware Axl F Bk Eip Firmware Axl F Bk Eip Ef Firmware +14
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2021-33539 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-33534 HIGH This Week

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ie Wl Bl Ap Cl Eu Firmware Ie Wlt Bl Ap Cl Eu Firmware Ie Wl Bl Ap Cl Us Firmware Ie Wlt Bl Ap Cl Us Firmware +4
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-33542 HIGH This Week

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Memory Corruption RCE Config Pc Worx +1
NVD
CVSS 3.1
7.0
EPSS
1.8%
CVE-2021-21004 MEDIUM This Month

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fl Switch Smcs 16Tx Firmware Fl Switch Smcs 14Tx 2Fx Firmware Fl Switch Smcs 14Tx 2Fx Sm Firmware Fl Switch Smcs 8Gt Firmware +11
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-32702 MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Nextjs Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-29677 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Hashicorp Security Verify
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29676 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Hashicorp Security Verify
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-35475 MEDIUM This Month

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Environment Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-21003 MEDIUM This Month

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fl Switch Smcs 16Tx Firmware Fl Switch Smcs 14Tx 2Fx Firmware Fl Switch Smcs 14Tx 2Fx Sm Firmware Fl Switch Smcs 8Gt Firmware +11
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-31615 MEDIUM This Month

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Code Injection Race Condition Bluetooth Core Specification
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-20583 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Hashicorp Security Verify
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-27040 LOW Monitor

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Advance Steel Autocad +11
NVD
CVSS 3.1
3.3
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy