Skip to main content
CVE-2021-34527 HIGH POC KEV PATCH THREAT Act Now

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 +14
NVD
CVSS 3.1
8.8
EPSS
99.8%
CVE-2021-32639 CRITICAL POC Act Now

Emissary is a P2P-based, data-driven workflow engine. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Emissary
NVD GitHub
CVSS 3.1
9.9
EPSS
1.4%
CVE-2021-35209 CRITICAL POC Act Now

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Collaboration
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-23403 CRITICAL POC PATCH Act Now

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Ts Nodash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-23402 CRITICAL POC Act Now

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Record Like Deep Assign
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-36128 CRITICAL POC PATCH Act Now

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-36126 CRITICAL POC PATCH Act Now

An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-35042 CRITICAL POC PATCH THREAT Act Now

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django Fedora
NVD
CVSS 3.1
9.8
EPSS
44.4%
CVE-2021-27950 HIGH POC This Week

A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Azurcms
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-36132 HIGH POC PATCH This Week

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Mediawiki
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-36125 HIGH POC PATCH This Week

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Mediawiki
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-35197 HIGH POC This Week

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-31874 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Adselfservice Plus
NVD
CVSS 3.1
5.9
EPSS
4.3%
CVE-2021-35029 CRITICAL Act Now

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Usg1900 Firmware Usg1100 Firmware Usg310 Firmware +34
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-35208 MEDIUM POC This Month

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-30557 HIGH This Week

Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
11.7%
CVE-2021-30556 HIGH This Week

Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-30555 HIGH This Week

Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-30554 HIGH KEV THREAT This Week

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2021-36130 MEDIUM POC PATCH This Month

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Mediawiki
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-36129 MEDIUM POC PATCH This Month

An issue was discovered in the Translate extension in MediaWiki through 1.36. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-36127 MEDIUM POC PATCH This Month

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-36148 HIGH PATCH This Week

An issue was discovered in ACRN before 2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Acrn
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-3613 HIGH This Week

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE OpenSSL Connect
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-3606 HIGH This Week

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft OpenSSL RCE Openvpn
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27412 HIGH This Week

Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Dopsoft
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-36147 HIGH PATCH This Week

An issue was discovered in ACRN before 2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Acrn
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-36146 HIGH PATCH This Week

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Acrn
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-36145 HIGH PATCH This Week

The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Acrn
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-36144 HIGH PATCH This Week

The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Acrn
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-36143 HIGH PATCH This Week

ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Acrn
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-33889 MEDIUM PATCH This Month

OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because of an inconsistency in the integer data type for metric_len. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Wpantund
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-32738 MEDIUM PATCH This Month

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Js Stellar Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-26920 MEDIUM PATCH This Month

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Druid
NVD
CVSS 3.1
6.5
EPSS
9.9%
CVE-2021-35207 MEDIUM This Month

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-34807 MEDIUM This Month

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Collaboration
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-27455 MEDIUM This Month

Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Dopsoft
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-32735 MEDIUM PATCH This Month

Kirby is a content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Kirby
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32737 MEDIUM PATCH This Month

Sulu is an open-source PHP content management system based on the Symfony framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Sulu
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-36131 MEDIUM PATCH This Month

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy