Skip to main content
CVE-2021-39510 CRITICAL POC Act Now

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.6%
CVE-2021-39509 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2021-38306 CRITICAL POC Act Now

Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection N1T1 Firmware
NVD
CVSS 3.1
9.8
EPSS
9.0%
CVE-2021-37538 CRITICAL POC THREAT Act Now

Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Smartblog
NVD
CVSS 3.1
9.8
EPSS
74.5%
CVE-2021-38613 CRITICAL POC Act Now

The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Remkon Device Manager
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-38611 CRITICAL POC Act Now

A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Remkon Device Manager
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-23432 CRITICAL POC Act Now

This affects all versions of package mootools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mootools
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-23406 CRITICAL POC PATCH Act Now

This affects the package pac-resolver before 5.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pac Resolver
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-38714 HIGH POC This Week

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Plib Debian Linux Extra Packages For Enterprise Linux +1
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-39376 HIGH POC This Week

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tasy Electronic Medical Record
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-39375 HIGH POC This Week

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tasy Electronic Medical Record
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-38557 HIGH POC This Week

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-38556 HIGH POC THREAT This Week

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
13.0%
CVE-2021-30952 HIGH POC KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Integer Overflow RCE Safari Ipados +8
NVD
CVSS 3.1
7.8
EPSS
7.6%
CVE-2021-32263 HIGH POC This Week

ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the ok_csv_circular_buffer_read function in ok_csv.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ok File Formats
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-39157 HIGH POC PATCH This Week

detect-character-encoding is an open source character encoding inspection library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Node.js Detect Character Encoding
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-36690 HIGH POC This Week

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sqlite Zfs Storage Appliance Kit Iphone Os macOS +2
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-38612 HIGH POC This Week

In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Remkon Device Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-23430 HIGH POC This Week

All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Startserver
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-23429 HIGH POC This Week

All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Transpile
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31009 CRITICAL Act Now

Multiple issues were addressed by removing HDF5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-3711 CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux Active Iq Unified Manager Clustered Data Ontap +27
NVD
CVSS 3.1
9.8
EPSS
87.8%
CVE-2021-36385 CRITICAL Act Now

A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mobile Care
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-33191 CRITICAL Act Now

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Command Injection Nifi Minifi C
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-3712 HIGH PATCH CISA GHSA Act Now

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow OpenSSL
NVD VulDB
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-30925 CRITICAL Act Now

The issue was addressed with improved permissions logic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-30856 CRITICAL Act Now

This issue was addressed by adding a new Remote Login option for opting into Full Disk Access for Secure Shell sessions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2021-26040 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2021-31008 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-30953 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Safari +7
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-30951 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Use After Free Denial Of Service +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-30936 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Use After Free Denial Of Service +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-30935 HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mac Os X macOS
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-30934 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Safari Ipados +6
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-30889 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-30858 HIGH KEV THREAT This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Use After Free Denial Of Service +5
NVD
CVSS 3.1
8.8
EPSS
13.5%
CVE-2021-30852 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-30851 HIGH This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Safari +7
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28627 HIGH This Week

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Experience Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-23431 HIGH PATCH This Week

The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Joplin
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-30975 HIGH This Week

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X macOS
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2021-30864 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2021-30854 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-32779 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
0.9%
CVE-2021-32777 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
3.3%
CVE-2021-30993 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Apple RCE Ipados Iphone Os +3
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2021-31002 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure macOS
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-30991 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-30985 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-30983 HIGH KEV THREAT This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
2.9%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy