Skip to main content
CVE-2021-21806 HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-21793 HIGH POC This Week

An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21779 HIGH POC This Week

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple Memory Corruption Webkitgtk +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-1585 HIGH POC THREAT This Week

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Cisco RCE Code Injection Adaptive Security Device Manager
NVD GitHub
CVSS 3.1
8.1
EPSS
20.0%
CVE-2021-34110 HIGH POC This Week

WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Winwaste Net
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-20585 HIGH POC This Week

A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Metinfo
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-25440 HIGH POC This Week

Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Factorycamerafb
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25426 HIGH POC This Week

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-34430 HIGH POC This Week

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tinydtls
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-1576 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Authentication Bypass Business Process Automation
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-1574 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Authentication Bypass Business Process Automation
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-1359 HIGH This Week

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance Asyncos
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-34609 HIGH This Week

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-32462 HIGH This Week

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Password Manager
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2021-25441 HIGH This Week

Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Ar Emoji Editor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25438 HIGH This Week

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass Members
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-25428 HIGH This Week

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-21794 HIGH This Week

An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-32461 HIGH This Week

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Trend Micro Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25442 HIGH This Week

Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Knox Cloud Services
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31817 HIGH This Week

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31816 HIGH This Week

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-34611 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-34610 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-29150 HIGH This Week

A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy