Skip to main content
CVE-2021-21820 CRITICAL POC Act Now

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Authentication Bypass Dir 3040 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-21804 CRITICAL POC Act Now

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP R Seenet
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-32749 HIGH POC PATCH This Week

fail2ban is a daemon to ban hosts that cause multiple authentication errors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Command Injection Fail2Ban Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
3.6%
CVE-2021-32769 HIGH POC PATCH This Week

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Java Micronaut
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-3649 HIGH POC PATCH This Week

chatwoot is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Chatwoot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-21818 HIGH POC This Week

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Authentication Bypass Dir 3040 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-21817 HIGH POC This Week

An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 3040 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-21819 HIGH POC This Week

A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 3040 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-3647 MEDIUM POC PATCH This Month

URI.js is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Uri Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21803 MEDIUM POC This Month

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
7.9%
CVE-2021-21802 MEDIUM POC This Month

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
9.9%
CVE-2021-21801 MEDIUM POC THREAT This Month

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
63.4%
CVE-2021-21800 MEDIUM POC THREAT This Month

Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
14.1%
CVE-2021-21799 MEDIUM POC THREAT This Month

Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
12.3%
CVE-2021-34458 CRITICAL PATCH Act Now

Windows Kernel Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
9.9
EPSS
2.5%
CVE-2021-35961 CRITICAL Act Now

Dr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dr Id Access Control
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-34481 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation RCE Windows 10 Windows 7 +6
NVD
CVSS 3.1
8.8
EPSS
45.4%
CVE-2021-34442 HIGH PATCH This Week

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-28053 HIGH This Week

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-34450 HIGH PATCH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.5
EPSS
2.2%
CVE-2021-21816 MEDIUM POC THREAT This Month

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 3040 Firmware
NVD
CVSS 3.1
4.3
EPSS
36.5%
CVE-2021-34446 HIGH PATCH This Week

Windows HTML Platforms Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2021-3550 HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34464 HIGH PATCH This Week

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-34461 HIGH PATCH This Week

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-34460 HIGH PATCH This Week

Storage Spaces Controller Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-34459 HIGH PATCH This Week

Windows AppContainer Elevation Of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-34456 HIGH PATCH This Week

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-34455 HIGH PATCH This Week

Windows File History Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-34452 HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Word
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-34445 HIGH PATCH This Week

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-34441 HIGH PATCH This Week

Microsoft Windows Media Foundation Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-34439 HIGH PATCH This Week

Microsoft Windows Media Foundation Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-34438 HIGH PATCH This Week

Windows Font Driver Host Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-1422 HIGH This Week

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2021-35962 HIGH This Week

Specific page parameters in Dr. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Door Access Control Personnel Attendance System
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-34467 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
5.4%
CVE-2021-34462 HIGH PATCH This Week

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Race Condition Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2021-34449 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
2.2%
CVE-2021-3614 MEDIUM This Month

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Ideapad 1 11Ada05 Firmware Ideapad 1 14Ada05 Firmware V130 15Ikb Firmware +18
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-34448 MEDIUM KEV PATCH THREAT This Month

Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.8
EPSS
30.7%
CVE-2021-34447 MEDIUM PATCH This Month

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
1.8%
CVE-2021-3452 MEDIUM This Month

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Bios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-34444 MEDIUM PATCH This Month

Windows DNS Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2021-36755 MEDIUM PATCH This Month

Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Cgm Remote Monitor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34466 MEDIUM PATCH This Month

Windows Hello Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Microsoft Authentication Bypass Windows 10
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-34457 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34454 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34440 MEDIUM PATCH This Month

GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28054 MEDIUM This Month

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy