Skip to main content
CVE-2021-38512 HIGH POC PATCH This Week

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Actix Http Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-38511 HIGH POC PATCH This Week

An issue was discovered in the tar crate before 0.4.36 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tar
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-38380 HIGH POC This Week

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Live555
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-28840 HIGH POC This Week

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-28839 HIGH POC This Week

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-28838 HIGH POC This Week

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-3689 HIGH POC PATCH This Week

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-33708 HIGH This Week

Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kyma
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-37366 HIGH This Week

CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Ctparental
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-21601 HIGH PATCH This Week

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Data Protection Search Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21567 HIGH PATCH This Week

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37367 HIGH This Week

CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

PHP RCE Path Traversal Ctparental
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-22385 HIGH This Week

A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei RCE Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37180 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure Solid Edge Se2021 Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-37179 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge Se2021 Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-38490 HIGH This Week

Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mobiletogether Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29296 HIGH This Week

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dir 825 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29295 HIGH This Week

Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dsp W215 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29294 HIGH This Week

Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dsl 2740R Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28845 HIGH This Week

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38387 HIGH This Week

In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Contiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38386 HIGH This Week

In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Contiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-28844 HIGH This Week

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-28843 HIGH This Week

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-28842 HIGH This Week

Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-28841 HIGH This Week

Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38371 HIGH This Week

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Exim
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-37172 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Simatic S7 1200 Cpu Firmware Simatic Step 7 Tia Portal
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-25659 HIGH PATCH This Week

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Automation License Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-21501 HIGH PATCH This Week

Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Servicecomb
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2021-33721 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Sinec Network Management System
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-22386 HIGH This Week

A component of the Huawei smartphone has a Double Free vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy