Skip to main content
CVE-2021-35523 HIGH POC This Week

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Openvpn Client
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-20574 HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Code Injection Security Identity Manager Adapter
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-28588 HIGH This Week

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Adobe Robohelp Server
NVD
CVSS 3.1
8.8
EPSS
6.2%
CVE-2021-28562 HIGH PATCH This Week

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Memory Corruption Use After Free Adobe Denial Of Service +2
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2021-21102 HIGH This Week

Adobe Illustrator version 25.2 (and earlier) is affected by a Path Traversal vulnerability when parsing a specially crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Adobe Illustrator
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2021-21101 HIGH This Week

Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2021-21099 HIGH This Week

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Indesign
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2021-21098 HIGH This Week

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Indesign
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2021-21090 HIGH This Week

Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Adobe Incopy
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2021-20740 HIGH This Week

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Virtual File Platform Nas Gateway Nh4A Firmware Nas Gateway Nh8A Firmware Nas Gateway Nh4B Firmware +3
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-28570 HIGH This Week

Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe After Effects
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2021-28586 HIGH This Week

After Effects version 18.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption After Effects
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-20745 HIGH This Week

Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Inkdrop
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-35299 HIGH This Week

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-21083 HIGH This Week

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-28584 HIGH PATCH This Week

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy