Skip to main content
CVE-2021-39273 HIGH POC This Week

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Sn1Per
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-28490 HIGH PATCH This Week

In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Csrfguard
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-34645 HIGH PATCH This Week

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress PHP Shopping Cart Ecommerce Store
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-31338 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Sinema Remote Connect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-24038 HIGH This Week

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation.39 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-37698 HIGH This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icinga Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-36762 HIGH This Week

An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nichestack
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-31401 HIGH This Week

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Nichestack Sentron 3Wl Com35 Firmware Sentron 3Wa Com190 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-27565 HIGH This Week

The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nichestack
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-31400 HIGH This Week

An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nichestack
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-31228 HIGH This Week

An issue was discovered in HCC embedded InterNiche 4.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nichestack
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-31227 HIGH This Week

An issue was discovered in HCC embedded InterNiche 4.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Nichestack
NVD
CVSS 3.1
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy