Skip to main content
CVE-2021-23421 CRITICAL POC Act Now

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Merge Change
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-23420 CRITICAL POC PATCH Act Now

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Codeception
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-38574 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-38573 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38572 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38568 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38563 CRITICAL Act Now

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Reader Pdf Editor
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-33793 CRITICAL PATCH Act Now

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Microsoft Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-20418 CRITICAL Act Now

IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Brute Force Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-38530 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk40 Firmware Rbr40 Firmware Rbs40 Firmware +7
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-38529 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection D7800 Firmware R7800 Firmware R8900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-38528 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection D8500 Firmware R6900P Firmware R7000P Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-38527 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware Ex6100 Firmware Ex6150 Firmware +31
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-38516 CRITICAL Act Now

Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D6220 Firmware D6400 Firmware D7000 Firmware +56
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38513 CRITICAL Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rbk852 Firmware Rbr850 Firmware Rbs850 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-25052 CRITICAL PATCH Act Now

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Op Tee
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2021-38570 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-38564 CRITICAL Act Now

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-33794 CRITICAL PATCH Act Now

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy