Skip to main content
CVE-2021-38384 CRITICAL POC Act Now

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Serverless Offline
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37425 CRITICAL POC THREAT Act Now

Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Mobiletogether Server
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
66.3%
CVE-2021-38512 HIGH POC PATCH This Week

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Actix Http Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-38511 HIGH POC PATCH This Week

An issue was discovered in the tar crate before 0.4.36 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tar
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-38380 HIGH POC This Week

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Live555
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-28840 HIGH POC This Week

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-28839 HIGH POC This Week

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-28838 HIGH POC This Week

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-3689 HIGH POC PATCH This Week

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-21677 MEDIUM POC This Month

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-29400 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Smtp Contact
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-38382 MEDIUM POC This Month

Live555 through 1.08 does not handle Matroska and Ogg files properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Live555
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-38381 MEDIUM POC This Month

Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Live555
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31655 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tv Ip110Wn Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-37390 MEDIUM POC PATCH This Month

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37389 MEDIUM POC PATCH This Month

Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-36601 MEDIUM POC This Month

GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Getsimplecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38370 MEDIUM POC This Month

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Alpine
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2021-20032 CRITICAL Act Now

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sonicwall Java Analytics
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-38383 CRITICAL PATCH Act Now

OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Owntone Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-38140 CRITICAL PATCH Act Now

The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

PostgreSQL Privilege Escalation Set User
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-32943 CRITICAL Act Now

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37391 MEDIUM POC PATCH This Month

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE XSS Chamilo Lms
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.1%
CVE-2021-3692 MEDIUM POC PATCH This Month

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-33708 HIGH This Week

Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kyma
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-37366 HIGH This Week

CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Ctparental
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-38365 LOW POC Monitor

Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Winner Desktop Speakers Firmware
NVD VulDB
CVSS 3.1
3.7
EPSS
1.2%
CVE-2021-21601 HIGH PATCH This Week

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Data Protection Search Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21567 HIGH PATCH This Week

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37367 HIGH This Week

CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

PHP RCE Path Traversal Ctparental
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-22385 HIGH This Week

A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei RCE Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37180 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure Solid Edge Se2021 Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-37179 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge Se2021 Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-38372 LOW POC Monitor

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Trojita
NVD
CVSS 3.1
3.7
EPSS
0.8%
CVE-2021-38490 HIGH This Week

Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mobiletogether Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29296 HIGH This Week

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dir 825 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29295 HIGH This Week

Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dsp W215 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29294 HIGH This Week

Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dsl 2740R Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28845 HIGH This Week

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38387 HIGH This Week

In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Contiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38386 HIGH This Week

In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Contiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-28844 HIGH This Week

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-28843 HIGH This Week

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-28842 HIGH This Week

Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-28841 HIGH This Week

Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38371 HIGH This Week

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Exim
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-37172 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Simatic S7 1200 Cpu Firmware Simatic Step 7 Tia Portal
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-25659 HIGH PATCH This Week

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Automation License Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-21501 HIGH PATCH This Week

Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Servicecomb
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2021-33721 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Sinec Network Management System
NVD
CVSS 3.1
7.2
EPSS
2.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy