Skip to main content
CVE-2021-28423 HIGH POC This Week

Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Teachers Record Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-36082 HIGH POC PATCH This Week

ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Ndpi
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-36080 HIGH POC PATCH This Week

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-36089 HIGH POC This Week

Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Grok
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-36081 HIGH POC PATCH This Week

Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Tesseract Ocr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-27661 HIGH This Week

Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation F4 Snc Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-27660 HIGH This Week

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure C Cure 9000 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-28127 HIGH This Week

An issue was discovered in Stormshield SNS through 4.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-27477 HIGH This Week

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pc10G Cpu Firmware 2Port Efr Firmware Plus Cpu Firmware Plus Ex Firmware +18
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20778 HIGH PATCH This Week

Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ec Cube
NVD
CVSS 3.1
7.5
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy