Skip to main content
CVE-2021-35973 CRITICAL POC Act Now

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Wac104 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-25321 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Arpwatch
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-35970 HIGH POC PATCH This Week

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Coral Talk
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-25951 HIGH POC This Week

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Xml2Dict
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-31721 MEDIUM POC This Month

Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chevereto
NVD Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-34075 MEDIUM POC This Month

In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Pandora Fms
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-22345 CRITICAL Act Now

There is an Input Verification Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22348 CRITICAL Act Now

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Emui +1
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22367 CRITICAL Act Now

There is a Key Management Errors Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-35971 CRITICAL Act Now

Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Microsoft Veeam Backup Replication
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-22323 CRITICAL Act Now

There is an Integer Overflow Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Integer Overflow Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-22375 CRITICAL Act Now

There is a Key Management Errors Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-27903 CRITICAL PATCH Act Now

An issue was discovered in Craft CMS before 3.6.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE Authentication Bypass Craft Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-30648 CRITICAL Act Now

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symantec Proxysg Symantec Advanced Secure Gateway S200 30 Firmware Symantec Advanced Secure Gateway S200 40 Firmware Symantec Advanced Secure Gateway S400 20 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-35474 CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Stack Overflow Traffic Server Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-20107 MEDIUM POC This Month

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Optima Eaf 100 Firmware Optima Eaf 150 Firmware Optima Eaf 200 Firmware +68
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-35956 MEDIUM POC This Month

Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sensorprobe2 Firmware Sensorprobe4 Firmware Sensorprobe8 Firmware Sensorprobe8 X20 Firmware +1
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2021-22354 CRITICAL Act Now

There is an Information Disclosure Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2021-22373 CRITICAL Act Now

There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-22380 CRITICAL Act Now

There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-35958 CRITICAL Act Now

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2021-22376 HIGH This Week

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-22351 HIGH This Week

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-22369 HIGH This Week

There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-22352 HIGH This Week

There is a Configuration Defect Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-34384 HIGH This Week

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34382 HIGH This Week

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Nvidia Jetson Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34381 HIGH This Week

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Nvidia Information Disclosure Jetson Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34380 HIGH This Week

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Information Disclosure Denial Of Service +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28993 HIGH This Week

Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Scrutinizer
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22350 HIGH This Week

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Huawei Memory Corruption Emui +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22349 HIGH This Week

There is an Input Verification Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-32736 HIGH PATCH This Week

think-helper defines a set of helper functions for ThinkJS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Think Helper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22368 HIGH This Week

There is a Permission Control Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-22353 HIGH This Week

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Emui +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-21671 HIGH PATCH This Week

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-22374 HIGH This Week

There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22371 HIGH This Week

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22372 HIGH This Week

There is a Security Features Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22370 HIGH This Week

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-32567 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-32566 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-22326 HIGH This Week

A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-28692 HIGH This Week

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Amd Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-34385 MEDIUM This Month

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Nvidia Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-34383 MEDIUM This Month

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Nvidia Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-34379 MEDIUM This Month

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-34378 MEDIUM This Month

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-34377 MEDIUM This Month

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-34376 MEDIUM This Month

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy