Skip to main content
CVE-2021-33885 CRITICAL POC Act Now

An Insufficient Verification of Data Authenticity vulnerability in B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Spacecom2
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-40084 CRITICAL POC Act Now

opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Opensysusers
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-33884 CRITICAL POC Act Now

An Unrestricted Upload of File with Dangerous Type vulnerability in B. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Spacecom2
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-21850 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21849 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21848 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21842 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21841 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21840 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21836 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21835 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21834 HIGH POC This Week

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-33886 HIGH POC This Week

An improper sanitization of input vulnerability in B. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spacecom2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21869 HIGH POC PATCH This Week

An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Codesys
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-21778 HIGH POC This Week

A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lib60870
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-33883 HIGH POC This Week

A Cleartext Transmission of Sensitive Information vulnerability in B. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spacecom2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-37334 CRITICAL PATCH Act Now

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Forms
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-37154 CRITICAL Act Now

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Access Management
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-37153 CRITICAL Act Now

ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Management
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-39159 CRITICAL PATCH Act Now

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Kubernetes RCE Code Injection Binderhub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-1581 CRITICAL PATCH Act Now

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Command Injection File Upload Authentication Bypass Application Policy Infrastructure Controller +1
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-1577 CRITICAL Act Now

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Application Policy Infrastructure Controller Cloud Application Policy Infrastructure Controller
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-1579 HIGH PATCH This Week

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Privilege Escalation Application Policy Infrastructure Controller Cloud Application Policy Infrastructure Controller
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-1578 HIGH This Week

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Application Policy Infrastructure Controller Cloud Application Policy Infrastructure Controller
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-22236 HIGH This Week

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-39160 HIGH PATCH This Week

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Nbgitpuller
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-1588 HIGH PATCH This Week

A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2021-1587 HIGH PATCH This Week

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
1.7%
CVE-2021-1586 HIGH PATCH This Week

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
2.5%
CVE-2021-1523 HIGH This Week

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-33882 HIGH This Week

A Missing Authentication for Critical Function vulnerability in B. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spacecom2
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2021-28070 MEDIUM POC This Month

Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-33015 HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-32995 HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-32975 HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cscape
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-40083 HIGH PATCH This Week

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Knot Resolver
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-3713 HIGH PATCH This Week

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.

Buffer Overflow RCE Memory Corruption Qemu Debian Linux
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2021-1580 HIGH PATCH This Week

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Command Injection File Upload Authentication Bypass Application Policy Infrastructure Controller +1
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-1584 MEDIUM PATCH This Month

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-22244 MEDIUM This Month

Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-3605 MEDIUM PATCH This Month

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Openexr Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-1582 MEDIUM PATCH This Month

A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Cisco XSS Application Policy Infrastructure Controller Cloud Application Policy Infrastructure Controller
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22256 MEDIUM This Month

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22250 MEDIUM This Month

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-22242 MEDIUM This Month

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
63.6%
CVE-2021-39136 MEDIUM PATCH This Month

baserCMS is an open source content management system with a focus on Japanese language support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-40088 MEDIUM This Month

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-1591 MEDIUM PATCH This Month

A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Authentication Bypass Nx Os
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-1590 MEDIUM PATCH This Month

A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service Cisco Memory Corruption Nx Os +1
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-31989 MEDIUM This Month

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Device Manager
NVD
CVSS 3.1
5.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy