Skip to main content
CVE-2021-35336 CRITICAL POC THREAT Act Now

Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ip Audtio Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2021-36088 CRITICAL POC PATCH Act Now

Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Fluent Bit
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-28423 HIGH POC This Week

Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Teachers Record Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-36082 HIGH POC PATCH This Week

ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Ndpi
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-36080 HIGH POC PATCH This Week

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-36089 HIGH POC This Week

Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Grok
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-36081 HIGH POC PATCH This Week

Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Tesseract Ocr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-28804 CRITICAL Act Now

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-28802 CRITICAL Act Now

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-32730 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Xwiki
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-36083 MEDIUM POC PATCH This Month

KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Kimageformats
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-28424 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Teachers Record Management System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-31813 MEDIUM POC THREAT This Month

Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Applications Manager
NVD
CVSS 3.1
5.4
EPSS
78.3%
CVE-2021-22343 CRITICAL Act Now

There is a Configuration Defect vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-27661 HIGH This Week

Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation F4 Snc Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-27660 HIGH This Week

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure C Cure 9000 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-35337 MEDIUM POC This Month

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Phone Shop Sales Management System
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-28127 HIGH This Week

An issue was discovered in Stormshield SNS through 4.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-27477 HIGH This Week

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pc10G Cpu Firmware 2Port Efr Firmware Plus Cpu Firmware Plus Ex Firmware +18
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20778 HIGH PATCH This Week

Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ec Cube
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-36086 LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Use After Free Information Disclosure Debian Linux Active Iq Unified Manager +7
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2021-36087 LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Selinux Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-36085 LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Selinux Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-36084 LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Selinux Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-20752 MEDIUM This Month

Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ikalka Rss Reader
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32729 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-28803 MEDIUM This Month

This issue affects: QNAP Systems Inc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap XSS Q Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32731 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-22344 MEDIUM This Month

There is an Improper Access Control vulnerability in Huawei Smartphone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-22347 MEDIUM This Month

There is an Improper Access Control vulnerability in Huawei Smartphone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy