Skip to main content
CVE-2021-23400 HIGH POC PATCH This Week

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Nodemailer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21871 HIGH POC This Week

A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Poweriso
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-35941 HIGH POC THREAT This Week

Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wd My Book Live Firmware Wd My Book Live Duo Firmware
NVD
CVSS 3.1
7.5
EPSS
12.7%
CVE-2021-29479 MEDIUM POC PATCH This Month

Ratpack is a toolkit for creating web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ratpack
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-32992 CRITICAL Act Now

FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Winproladder
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-32990 CRITICAL Act Now

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Winproladder
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-32988 CRITICAL Act Now

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Winproladder
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-31531 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-31838 CRITICAL Act Now

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mvision Edr
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2021-29485 HIGH PATCH This Week

Ratpack is a toolkit for creating web applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Java Ratpack
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-20102 HIGH This Week

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Machform
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-34824 HIGH This Week

Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Istio
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-22439 HIGH This Week

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Huawei Anyoffice
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-20104 HIGH This Week

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE PHP File Upload Machform
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2021-28830 HIGH This Week

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Runtime For R Spotfire Analytics Platform Spotfire Server +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-23275 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Runtime For R Spotfire Analytics Platform Spotfire Server +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31516 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Binary Ninja
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-31515 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Binary Ninja
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-31514 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31513 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31512 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31511 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31510 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31509 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31508 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31507 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-28691 HIGH This Week

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22545 HIGH This Week

An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Bindiff
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29481 HIGH PATCH This Week

Ratpack is a toolkit for creating web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Information Disclosure Ratpack
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-22119 HIGH PATCH This Week

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Spring Security Communications Cloud Native Core Policy
NVD
CVSS 3.1
7.5
EPSS
6.0%
CVE-2021-31530 HIGH This Week

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-31160 HIGH This Week

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-34550 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tor
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-34549 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-32565 HIGH This Week

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-27577 HIGH This Week

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-34548 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tor
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-33503 HIGH PATCH This Week

An issue was discovered in urllib3 before 1.26.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Urllib3 Fedora Enterprise Manager Ops Center Instantis Enterprisetrack +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-1134 HIGH This Week

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Authentication Bypass Catalyst Center
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2021-31505 MEDIUM This Month

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Q Plus Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-20079 MEDIUM This Month

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nessus
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-28690 MEDIUM PATCH This Month

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xen
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32721 MEDIUM PATCH This Month

PowerMux is a drop-in replacement for Go's http.ServeMux. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Powermux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20105 MEDIUM This Month

Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect PHP Machform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20103 MEDIUM This Month

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Machform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20101 MEDIUM This Month

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Machform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20490 MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Privilege Escalation Spectrum Protect Plus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20477 MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22338 MEDIUM This Month

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Ecns280 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-22341 MEDIUM This Month

There is a memory leak vulnerability in Huawei products. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ips Module Firmware Ngfw Module Firmware Nip6300 Firmware +4
NVD
CVSS 3.1
4.9
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy