Skip to main content
CVE-2021-32829 CRITICAL POC Act Now

ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Rest Api
NVD GitHub
CVSS 3.1
9.9
EPSS
2.9%
CVE-2021-21832 CRITICAL POC Act Now

A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Daemon Tools
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-21810 CRITICAL POC Act Now

A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Xmill
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-29988 HIGH POC This Week

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-29985 HIGH POC This Week

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-29984 HIGH POC This Week

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-29980 HIGH POC This Week

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-28372 HIGH POC This Week

ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Kalay P2P Software Development Kit
NVD GitHub
CVSS 3.1
8.3
EPSS
2.6%
CVE-2021-29986 HIGH POC This Week

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow Race Condition Firefox Firefox Esr +1
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-3633 HIGH POC This Week

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Jwt Attack Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39131 HIGH POC PATCH This Week

ced detects character encoding using Google’s compact_enc_det library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Denial Of Service Node.js Ced
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-32830 HIGH POC This Week

The @diez/generation npm package is a client for Diez. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Node.js Command Injection Diez
NVD GitHub
CVSS 3.1
7.0
EPSS
1.9%
CVE-2021-39247 MEDIUM POC PATCH This Month

Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, related to is_last_single_ascii in code1.c, and rs_encode_uint in reedsol.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Barcode Generator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-29982 MEDIUM POC This Month

Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-39249 MEDIUM POC This Month

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Invision Power Board
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-38702 MEDIUM POC This Month

Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Netgenie C0101B1 20141120 Ng11Vo Firmware
NVD
CVSS 3.1
6.1
EPSS
6.9%
CVE-2021-29313 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seacms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-22156 CRITICAL PATCH Act Now

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service RCE Qnx Software Development Platform Qnx Os For Medical +1
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-3616 CRITICAL Act Now

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Smart Camera C2E Firmware Smart Camera X3 Firmware Smart Camera X5 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-39250 MEDIUM POC This Month

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Invision Power Board
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-29990 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 90. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29989 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-29981 HIGH This Week

An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29056 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pixelimity
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-25957 HIGH PATCH This Week

In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dolibarr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-25263 HIGH This Week

Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Yandex Browser
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0646 HIGH This Week

In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0645 HIGH PATCH This Week

In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0640 HIGH This Week

In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0593 HIGH PATCH This Week

In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0576 HIGH This Week

In flv extractor, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0574 HIGH This Week

In asf extractor, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0573 HIGH This Week

In asf extractor, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0519 HIGH PATCH This Week

In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0284 HIGH This Week

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-39242 HIGH This Week

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-39240 HIGH This Week

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-0591 HIGH PATCH This Week

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-3617 HIGH This Week

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Command Injection Smart Camera C2E Firmware Smart Camera X3 Firmware Smart Camera X5 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-25956 HIGH PATCH This Week

In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dolibarr Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-3615 MEDIUM This Month

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Code Injection Smart Camera C2E Firmware Smart Camera X3 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-3459 MEDIUM This Month

A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Mm1000 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-29987 MEDIUM This Month

After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-29983 MEDIUM This Month

Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-0582 MEDIUM This Month

In wifi driver, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-0581 MEDIUM This Month

In wifi driver, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-0580 MEDIUM This Month

In wifi driver, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-0579 MEDIUM This Month

In wifi driver, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-0578 MEDIUM This Month

In wifi driver, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-39248 MEDIUM PATCH This Month

Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Edx Platform
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy