Skip to main content
CVE-2021-35327 CRITICAL POC Act Now

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-35324 CRITICAL POC THREAT Act Now

A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2021-21805 CRITICAL POC THREAT Act Now

An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection R Seenet
NVD
CVSS 3.1
9.8
EPSS
69.6%
CVE-2021-34371 CRITICAL POC PATCH THREAT Act Now

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Java Neo4j
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.4%
CVE-2021-29978 CRITICAL POC PATCH Act Now

Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Mozilla Information Disclosure Mozilla Vpn
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-34634 HIGH POC This Week

The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Sola Newsletters
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-34633 HIGH POC This Week

The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Youtube Feeder
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-21893 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-21870 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-21831 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-29972 HIGH POC This Week

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29970 HIGH POC This Week

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-28216 HIGH POC This Week

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edk Ii
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22926 HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl Active Iq Unified Manager Clustered Data Ontap +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-35326 HIGH POC This Week

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-35325 HIGH POC THREAT This Week

A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption A720R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
13.3%
CVE-2021-26586 HIGH POC This Week

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edgeline Infrastructure Management
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-38095 HIGH POC This Week

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spigit
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-22922 MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-35307 MEDIUM POC This Month

An issue was discovered in Bento4 through v1.6.0-636. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-35306 MEDIUM POC This Month

An issue was discovered in Bento4 through v1.6.0-636. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-29975 MEDIUM POC This Month

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22234 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2021-20116 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20115 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-26605 CRITICAL Act Now

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ezpdfreader
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-29971 CRITICAL Act Now

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-21792 MEDIUM POC This Month

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare Ultimate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21791 MEDIUM POC This Month

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare Ultimate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21790 MEDIUM POC This Month

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare Ultimate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21785 MEDIUM POC This Month

An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare Ultimate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-36584 MEDIUM POC This Month

An issue was discovered in GPAC 1.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-38138 MEDIUM POC This Month

OneNav beta 0.9.12 allows XSS via the Add Link feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onenav
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-22925 MEDIUM POC PATCH This Month

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-22923 MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-34639 HIGH This Week

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP File Upload Download Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-22517 HIGH This Week

A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Data Protector
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-37614 HIGH PATCH This Week

In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Microsoft Moveit Transfer
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-34631 HIGH This Week

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Newsplugin
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29977 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 89. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29976 HIGH This Week

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-29973 HIGH This Week

Password autofill was enabled without user interaction on insecure websites on Firefox for Android. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-23849 HIGH This Week

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cpp4 Firmware Cpp6 Firmware Aviotec Firmware Cpp7 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-3682 HIGH PATCH This Week

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
8.5
EPSS
2.9%
CVE-2021-37632 HIGH This Week

SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Config Lib
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2021-22927 HIGH This Week

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Citrix Session Fixation Application Delivery Controller Firmware Gateway +1
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-32581 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cyber Protect Cloud Cyber Protection Agent True Image
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-22928 HIGH PATCH This Week

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Citrix Virtual Apps And Desktops Xenapp +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32580 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32579 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Microsoft Authentication Bypass True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy