Skip to main content
CVE-2020-18171 HIGH POC This Week

TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Snagit
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2021-37394 HIGH POC This Week

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rpcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-18169 HIGH POC This Week

A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Snagit
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-37576 HIGH POC PATCH This Week

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-32794 HIGH POC PATCH This Week

ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Archisteamfarm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31292 HIGH POC This Week

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service Exiv2 Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-32789 HIGH POC PATCH THREAT This Week

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

WordPress SQLi Woocommerce Blocks
NVD GitHub
CVSS 3.1
7.5
EPSS
17.2%
CVE-2021-26824 HIGH POC This Week

DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dm Fingertool
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-25804 HIGH This Week

A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vlc Media Player
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-33629 HIGH This Week

isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Isula Build
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20337 HIGH PATCH This Week

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-33900 HIGH PATCH This Week

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Directory Studio
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-25803 HIGH This Week

A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Vlc Media Player
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-25802 HIGH PATCH This Week

A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Vlc Media Player
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-25801 HIGH This Week

A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player
NVD
CVSS 3.1
7.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy