Skip to main content
CVE-2021-37358 CRITICAL POC Act Now

SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-21825 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Xmill
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-21862 HIGH POC This Week

Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21858 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21857 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21856 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21855 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21854 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21853 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21852 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21851 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21847 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21846 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21845 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21844 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21843 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21839 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21838 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21837 HIGH POC This Week

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21868 HIGH POC PATCH This Week

An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Codesys
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-21867 HIGH POC PATCH This Week

An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Codesys
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-25218 HIGH POC PATCH This Week

In BIND 9.16.19, 9.17.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bind Fedora
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-39282 HIGH POC This Week

Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Live555
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-23424 HIGH POC PATCH This Week

This affects all versions of package ansi-html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansi Html
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-32728 MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Desktop Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20792 MEDIUM POC PATCH This Month

Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Quiz And Survey Master
NVD
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-39268 MEDIUM POC This Month

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-39267 MEDIUM POC This Month

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-32588 CRITICAL Act Now

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Authentication Bypass Fortiportal
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-34730 CRITICAL Act Now

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Stack Overflow Denial Of Service +5
NVD
CVSS 3.1
9.8
EPSS
13.6%
CVE-2021-37608 CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands.12.07 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Apache Atlassian File Upload Ofbiz
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-39283 MEDIUM POC This Month

liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Live555
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-23425 MEDIUM POC PATCH This Month

All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Trim Off Newlines
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-37702 HIGH PATCH This Week

Pimcore is an open source data & experience management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-34749 HIGH PATCH This Week

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Cisco Information Disclosure Ironport Web Security Appliance Secure Firewall Management Center Firepower Management Center Virtual Appliance Firmware
NVD
CVSS 3.1
8.6
EPSS
1.7%
CVE-2021-20758 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Garoon
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-34745 HIGH PATCH This Week

A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Appdynamics Net Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-39270 HIGH This Week

In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rsa Securid Integration Kit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-37714 HIGH PATCH This Week

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Jsoup Quarkus Banking Trade Finance +13
NVD GitHub
CVSS 3.1
7.5
EPSS
6.9%
CVE-2021-31820 HIGH This Week

In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-33580 HIGH This Week

User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Roller
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-37617 HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Nextcloud Information Disclosure Desktop
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2021-21781 LOW POC PATCH Monitor

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure Function +1
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-34716 HIGH PATCH This Week

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco RCE Expressway Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2021-34715 HIGH PATCH This Week

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Information Disclosure Jwt Attack Expressway Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-0628 MEDIUM This Month

In OMA DRM, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0627 MEDIUM This Month

In OMA DRM, there is a possible memory corruption due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0626 MEDIUM This Month

In ged, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0407 MEDIUM This Month

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-34734 MEDIUM PATCH This Month

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Cisco Denial Of Service Video Surveillance 7000 Ip Camera Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy