Skip to main content
CVE-2021-38085 HIGH POC Act Now

The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Pixma Tr150 Firmware
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-23421 CRITICAL POC Act Now

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Merge Change
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-23420 CRITICAL POC PATCH Act Now

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Codeception
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-32439 HIGH POC PATCH This Week

Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-37694 HIGH POC PATCH MAL This Week

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Java Spring Cloud Stream Template
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-34640 MEDIUM POC This Month

The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Securimage Wp Fixed
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-38549 MEDIUM POC This Month

MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Miracase Hmub500 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38548 MEDIUM POC This Month

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Go 2 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38547 MEDIUM POC This Month

Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Z120 Firmware S120 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38546 MEDIUM POC This Month

CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Pebble V3 Firmware Pebble V2 Firmware Pebble Firmware Pebble Plus Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38545 MEDIUM POC This Month

Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Raspberry Pi 4 Model B Firmware Raspberry Pi 3 Model B Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38544 MEDIUM POC This Month

Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Srs Xb33 Firmware Srs Xb43 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38543 MEDIUM POC This Month

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Ue330 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38574 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-38573 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38572 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38568 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38563 CRITICAL Act Now

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Reader Pdf Editor
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-33793 CRITICAL PATCH Act Now

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Microsoft Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-20418 CRITICAL Act Now

IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Brute Force Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-38530 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk40 Firmware Rbr40 Firmware Rbs40 Firmware +7
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-38529 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection D7800 Firmware R7800 Firmware R8900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-38528 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection D8500 Firmware R6900P Firmware R7000P Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-38527 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware Ex6100 Firmware Ex6150 Firmware +31
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-38516 CRITICAL Act Now

Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D6220 Firmware D6400 Firmware D7000 Firmware +56
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38513 CRITICAL Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rbk852 Firmware Rbr850 Firmware Rbs850 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-32440 MEDIUM POC PATCH This Month

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-32438 MEDIUM POC PATCH This Month

The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-32437 MEDIUM POC PATCH This Month

The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-25052 CRITICAL PATCH Act Now

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Op Tee
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2021-38570 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-38564 CRITICAL Act Now

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-33794 CRITICAL PATCH Act Now

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-3050 HIGH This Week

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-38539 HIGH This Week

Certain NETGEAR devices are affected by privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Privilege Escalation D8500 Firmware R6400 Firmware R6700 Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38589 HIGH This Week

In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-38588 HIGH This Week

In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-32122 HIGH This Week

Certain NETGEAR devices are affected by CSRF. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Netgear Ex3700 Firmware Ex3800 Firmware Ex6120 Firmware +1
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-36770 HIGH PATCH This Week

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure P5 Encode Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-38571 HIGH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-1107 HIGH This Week

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux RCE Nvidia Denial Of Service Jetson Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1106 HIGH This Week

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Linux Memory Corruption Information Disclosure +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32947 HIGH This Week

FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-32939 HIGH This Week

FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-32931 HIGH This Week

An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-0196 HIGH PATCH This Week

Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Lapqc71A Firmware Lapqc71B Firmware Lapqc71C Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0160 HIGH PATCH This Week

Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Avermedia Capture Card
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0084 HIGH This Week

Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Ethernet Controller E810 Firmware X722Da2 Firmware X722Da4Fh Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0062 HIGH This Week

Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Graphics Drivers
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0061 HIGH This Week

Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Graphics Drivers
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy