Skip to main content
CVE-2021-36707 CRITICAL POC Act Now

In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Prc2402M Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-36706 CRITICAL POC Act Now

In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Prc2402M Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-36705 CRITICAL POC Act Now

In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Prc2402M Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-36351 CRITICAL POC Act Now

SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Information Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37388 CRITICAL POC Act Now

A buffer overflow in D-Link DIR-615 C2 3.03WW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link RCE Dir 615 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-36455 HIGH POC This Week

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Navigate Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-37381 HIGH POC This Week

Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Authentication Bypass Graduate Management Information System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-35312 HIGH POC This Week

A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Amica Prodigy
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-38155 HIGH POC PATCH This Week

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keystone
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-36708 HIGH POC This Week

In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prc2402M Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-38136 MEDIUM POC This Month

Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Securewatch Managed Services
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-38157 MEDIUM POC This Month

LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connection Broker
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-26606 CRITICAL Act Now

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Magicline4Nx Exe
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-37544 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-36209 CRITICAL Act Now

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-36454 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Navigate Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38152 MEDIUM POC This Month

index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Patient Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-38151 MEDIUM POC This Month

index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Patient Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38149 MEDIUM POC This Month

index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Patient Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20597 CRITICAL Act Now

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass R08Sfcpu Firmware R16Sfcpu Firmware R32Sfcpu Firmware R120Sfcpu Firmware +4
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2021-37549 CRITICAL Act Now

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-37543 HIGH This Week

In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rubymine
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-38137 HIGH This Week

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Securewatch Managed Services
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-36795 HIGH This Week

A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-20594 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure R08Sfcpu Firmware R16Sfcpu Firmware R32Sfcpu Firmware R120Sfcpu Firmware +4
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-37553 HIGH This Week

In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-37550 HIGH This Week

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-37548 HIGH This Week

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37545 HIGH This Week

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37540 MEDIUM This Month

In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-37542 MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, XSS was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-37541 MEDIUM This Month

In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Hub
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-22295 MEDIUM This Month

A component of the HarmonyOS has a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-37552 MEDIUM This Month

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32597 MEDIUM This Month

Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20598 MEDIUM This Month

Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass R08Sfcpu Firmware R16Sfcpu Firmware R32Sfcpu Firmware R120Sfcpu Firmware +4
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-37551 MEDIUM This Month

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-37547 MEDIUM This Month

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-37546 MEDIUM This Month

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-26999 MEDIUM This Month

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-26998 MEDIUM This Month

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-37554 MEDIUM This Month

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-32587 MEDIUM This Month

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy