Skip to main content
CVE-2021-23400 HIGH POC PATCH This Week

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Nodemailer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21871 HIGH POC This Week

A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Poweriso
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-35941 HIGH POC THREAT This Week

Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wd My Book Live Firmware Wd My Book Live Duo Firmware
NVD
CVSS 3.1
7.5
EPSS
12.7%
CVE-2021-29485 HIGH PATCH This Week

Ratpack is a toolkit for creating web applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Java Ratpack
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-20102 HIGH This Week

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Machform
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-34824 HIGH This Week

Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Istio
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-22439 HIGH This Week

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Huawei Anyoffice
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-20104 HIGH This Week

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE PHP File Upload Machform
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2021-28830 HIGH This Week

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Runtime For R Spotfire Analytics Platform Spotfire Server +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-23275 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Runtime For R Spotfire Analytics Platform Spotfire Server +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31516 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Binary Ninja
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-31515 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Binary Ninja
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-31514 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31513 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31512 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31511 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31510 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31509 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31508 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31507 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-28691 HIGH This Week

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22545 HIGH This Week

An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Bindiff
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29481 HIGH PATCH This Week

Ratpack is a toolkit for creating web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Information Disclosure Ratpack
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-22119 HIGH PATCH This Week

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Spring Security Communications Cloud Native Core Policy
NVD
CVSS 3.1
7.5
EPSS
6.0%
CVE-2021-31530 HIGH This Week

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-31160 HIGH This Week

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-34550 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tor
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-34549 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-32565 HIGH This Week

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-27577 HIGH This Week

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-34548 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tor
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-33503 HIGH PATCH This Week

An issue was discovered in urllib3 before 1.26.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Urllib3 Fedora Enterprise Manager Ops Center Instantis Enterprisetrack +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-1134 HIGH This Week

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Authentication Bypass Catalyst Center
NVD
CVSS 3.1
7.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy