Skip to main content
CVE-2021-35472 HIGH POC PATCH This Week

An issue was discovered in LemonLDAP::NG before 2.0.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lemonldap Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-36621 HIGH POC This Week

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Online Covid Vaccination Scheduler System
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
2.1%
CVE-2021-35193 HIGH POC This Week

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eaglesoft
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-37601 HIGH POC This Week

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prosody
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-36754 HIGH POC THREAT This Week

PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Authoritative Server
NVD
CVSS 3.1
7.5
EPSS
64.9%
CVE-2021-32558 HIGH POC PATCH This Week

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.1
7.5
EPSS
9.1%
CVE-2021-28966 HIGH POC PATCH THREAT This Week

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Ruby
NVD
CVSS 3.1
7.5
EPSS
57.1%
CVE-2021-20114 HIGH POC This Week

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcexam
NVD
CVSS 3.1
7.5
EPSS
6.0%
CVE-2021-36766 HIGH POC This Week

Concrete5 through 8.5.5 deserializes Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
3.7%
CVE-2021-36004 HIGH PATCH This Week

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Indesign
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-34802 HIGH PATCH This Week

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Graph Databse
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-20783 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Optical Bb Unit E Wmta Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29736 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36983 HIGH This Week

replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Replaysorcery
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-27491 HIGH This Week

Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mylife Mylife Cloud
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-36386 HIGH PATCH This Week

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fetchmail Fedora
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-32807 HIGH PATCH This Week

The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Python RCE Accesscontrol
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-27495 HIGH This Week

Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mylife Mylife Cloud
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2021-32610 HIGH PATCH This Week

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Archive Tar Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
73.4%
CVE-2021-31799 HIGH PATCH This Week

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. Rated high severity (CVSS 7.0). This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Debian Linux Rdoc Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
7.0
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy