Skip to main content
CVE-2021-36934 HIGH POC KEV PATCH THREAT Act Now

Windows contains an elevation of privilege vulnerability known as 'HiveNightmare' or 'SeriousSAM' where overly permissive ACLs on SAM, SYSTEM, and SECURITY registry hive shadow copies allow standard users to extract credentials.

NVD
CVSS 3.1
7.8
EPSS
90.1%
Threat
9.3
CVE-2021-26764 HIGH POC This Week

SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-26762 HIGH POC This Week

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-30486 HIGH POC This Week

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sysaid
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29657 HIGH POC PATCH This Week

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Linux Amd Authentication Bypass Linux Kernel
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-3540 HIGH POC This Week

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Mobileiron
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2021-3198 HIGH POC This Week

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ivanti Mobileiron
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2021-1518 HIGH PATCH This Week

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Cisco RCE Code Injection Firepower Device Manager On Box
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-1601 HIGH PATCH This Week

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Intersight Virtual Appliance
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2021-1600 HIGH PATCH This Week

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Intersight Virtual Appliance
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2021-1089 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Information Disclosure Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22523 HIGH This Week

XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Verastream Host Integrator
NVD
CVSS 3.1
7.6
EPSS
0.8%
CVE-2021-32785 HIGH PATCH This Week

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis Apache Denial Of Service RCE Mod Auth Openidc +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-36222 HIGH PATCH This Week

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 Debian Linux Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
7.5
EPSS
10.3%
CVE-2021-35063 HIGH This Week

Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Information Disclosure Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-22001 HIGH This Week

In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-30110 HIGH This Week

dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Domain Time Ii
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-20596 HIGH PATCH This Week

NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Fx3U Enet L Firmware Fx3U Enet P502 Firmware Fx3U Enet Firmware
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-28131 HIGH This Week

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache Privilege Escalation Impala
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-1618 HIGH PATCH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Path Traversal Command Injection Intersight Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-29143 HIGH This Week

A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Aos Cx Firmware
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-22522 HIGH This Week

Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Verastream Host Integrator
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-1092 HIGH PATCH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Microsoft Nvidia Gpu Display Driver
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-1091 HIGH PATCH This Week

NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Microsoft Nvidia Gpu Display Driver
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-1090 HIGH PATCH This Week

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Linux Microsoft Nvidia +1
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy