Skip to main content
CVE-2021-30559 HIGH This Week

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-30541 HIGH This Week

Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-32016 HIGH This Week

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asset Management
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-32772 HIGH This Week

Poddycast is a podcast app made with Electron. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Command Injection Poddycast
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-21553 HIGH This Week

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-30587 MEDIUM POC This Month

Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-36543 MEDIUM POC This Month

Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Seeddms
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-32813 HIGH PATCH This Week

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Traefik
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-38084 HIGH This Week

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Courier Mail Server
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-32804 HIGH PATCH This Week

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Path Traversal Tar Graalvm Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
8.1
EPSS
15.0%
CVE-2021-32803 HIGH PATCH This Week

The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Path Traversal Tar Graalvm Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
8.1
EPSS
7.8%
CVE-2021-32814 HIGH PATCH This Week

Skytable is a NoSQL database with automated snapshots and TLS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Skytable
NVD GitHub
CVSS 3.1
8.1
EPSS
2.1%
CVE-2021-22425 HIGH This Week

A component of the HarmonyOS has a Double Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22423 HIGH This Week

A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22422 HIGH This Week

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22421 HIGH This Week

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22420 HIGH This Week

A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22418 HIGH This Week

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22416 HIGH This Week

A component of the HarmonyOS has a Data Processing Errors vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31504 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-31503 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-32017 HIGH This Week

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Asset Management
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2021-33323 HIGH PATCH This Week

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33322 HIGH PATCH This Week

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-33321 HIGH PATCH This Week

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dxp Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-36763 HIGH This Week

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Control Control Rte Control Runtime System Toolkit +4
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33486 HIGH This Week

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Runtime Toolkit
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33335 HIGH PATCH This Week

Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-30583 MEDIUM This Month

Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-30580 MEDIUM This Month

Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-32018 MEDIUM This Month

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asset Management
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21563 MEDIUM This Month

Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-33333 MEDIUM PATCH This Month

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2021-33332 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33331 MEDIUM PATCH This Month

Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-33326 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-21581 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21579 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21578 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21577 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21576 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-37916 MEDIUM PATCH This Month

Joplin before 2.0.9 allows XSS via button and form in the note body. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Joplin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-22424 MEDIUM This Month

A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22419 MEDIUM This Month

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22417 MEDIUM This Month

A component of the HarmonyOS has a Data Processing Errors vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22400 MEDIUM This Month

Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Oxfords An00A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-33328 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-36157 MEDIUM PATCH This Month

An issue was discovered in Grafana Cortex through 1.9.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal Information Disclosure Cortex
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-36156 MEDIUM PATCH This Month

An issue was discovered in Grafana Loki through 2.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal Loki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-21565 MEDIUM This Month

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.9%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy