Skip to main content
CVE-2021-31698 CRITICAL POC Act Now

Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Eg25 G Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-29377 CRITICAL POC Act Now

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Pearadmin Think
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-28890 CRITICAL POC Act Now

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2Eefast
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-37599 CRITICAL POC Act Now

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Winscribe Dictation
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-38366 HIGH POC This Week

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Sitecore
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-38614 HIGH POC This Week

Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Polipo
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-36942 HIGH POC KEV PATCH THREAT This Week

Windows LSA Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows Server 2004 Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
7.5
EPSS
66.0%
CVE-2021-38604 HIGH POC PATCH This Week

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Glibc Fedora Communications Cloud Native Core Binding Support Function +5
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-38291 HIGH POC This Week

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ffmpeg Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-31731 MEDIUM POC This Month

A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Kitecms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-37700 MEDIUM POC PATCH This Month

@github/paste-markdown is an npm package for pasting markdown objects. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js XSS Paste Markdown
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-26424 CRITICAL PATCH Act Now

Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
9.9
EPSS
58.9%
CVE-2021-31556 CRITICAL PATCH Act Now

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-28121 CRITICAL Act Now

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Virtual Robots Txt
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-33199 CRITICAL PATCH Act Now

In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Expressionengine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-26432 CRITICAL PATCH Act Now

Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2021-38606 CRITICAL PATCH Act Now

reNgine through 0.5 relies on a predictable directory name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rengine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-20509 CRITICAL Act Now

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Code Injection Maximo Asset Management
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-20314 CRITICAL PATCH Act Now

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service RCE Memory Corruption Libspf2 +2
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-37222 CRITICAL PATCH Act Now

Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Rcdcap
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-38603 MEDIUM POC This Month

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pluxml
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-38602 MEDIUM POC This Month

PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pluxml
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-37678 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python RCE Tensorflow
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-36947 HIGH PATCH This Week

Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
7.0%
CVE-2021-36936 HIGH PATCH This Week

Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
6.8%
CVE-2021-36921 HIGH This Week

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Application Insight Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-34535 HIGH PATCH This Week

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Remote Desktop Client Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
18.4%
CVE-2021-37704 MEDIUM POC PATCH This Month

PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpfastcache
NVD GitHub
CVSS 3.1
4.3
EPSS
6.1%
CVE-2021-36982 HIGH This Week

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Application Insight Manager
NVD GitHub
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-34524 HIGH PATCH This Week

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Dynamics 365
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2021-37679 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37665 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37663 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37681 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37676 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37671 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37667 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37666 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37652 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37648 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37662 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37659 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37658 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37657 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37656 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37651 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37650 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37639 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37638 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-36958 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows
NVD
CVSS 3.1
7.8
EPSS
31.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy