Skip to main content
CVE-2021-37232 CRITICAL POC PATCH Act Now

A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Atomicparsley
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-36800 CRITICAL POC Act Now

Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Akaunting
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-38111 HIGH POC This Week

The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Def Con 27 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-32706 HIGH POC THREAT This Week

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Pi Hole
NVD GitHub
CVSS 3.1
8.8
EPSS
60.2%
CVE-2021-36804 HIGH POC PATCH This Week

Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Akaunting
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-36801 HIGH POC This Week

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Akaunting
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-31869 HIGH POC This Week

Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pimcore
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-31867 HIGH POC This Week

Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Customer Management Framework
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-35397 HIGH POC This Week

A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Drogon
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2021-36802 MEDIUM POC This Month

Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Akaunting
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-38115 MEDIUM POC PATCH This Month

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libgd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-20028 CRITICAL KEV THREAT Act Now

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sma 210 Firmware Sma 410 Firmware Sma 500V Firmware Sra 4600 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
30.1%
CVE-2021-1609 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Stack Overflow Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
9.7%
CVE-2021-1602 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Small Business Rv Series Router Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-37231 MEDIUM POC This Month

A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Atomicparsley
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-36803 MEDIUM POC This Month

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Akaunting
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38113 MEDIUM POC This Month

In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwebif
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3680 MEDIUM POC PATCH This Month

showdoc is vulnerable to Missing Cryptographic Step. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-36805 MEDIUM POC This Month

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Akaunting
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-32465 HIGH This Week

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Authentication Bypass Apex One Officescan
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2021-32793 MEDIUM POC This Month

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pi Hole
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-26096 HIGH This Week

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Fortisandbox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-1610 HIGH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following:. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Stack Overflow Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
9.1%
CVE-2021-26097 HIGH This Week

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortisandbox
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-24018 HIGH This Week

A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fortinet Fortios
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-32590 HIGH This Week

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fortiportal
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-36483 HIGH This Week

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Devexpress
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-32594 HIGH This Week

An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fortiportal
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-32464 HIGH This Week

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-1572 HIGH This Week

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Confd Network Services Orchestrator
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34853 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34852 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34851 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34850 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
38.3%
CVE-2021-34849 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-34848 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2021-34847 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
62.8%
CVE-2021-34846 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34845 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34844 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34843 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-34842 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
13.3%
CVE-2021-34841 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34840 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34839 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34838 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2021-34837 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34836 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2021-34835 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-34834 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
3.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy