Skip to main content
CVE-2021-39173 HIGH POC PATCH This Week

Cachet is an open source status page system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Catchet
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-39172 HIGH POC PATCH THREAT This Week

Cachet is an open source status page system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Catchet
NVD GitHub
CVSS 3.1
8.8
EPSS
29.2%
CVE-2021-28233 HIGH POC This Week

Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ok File Formats
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36531 HIGH POC This Week

ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ngiflib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36530 HIGH POC This Week

ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ngiflib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-23434 HIGH POC PATCH This Week

This affects the package object-path before 0.11.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Object Path Debian Linux
NVD GitHub
CVSS 3.1
8.6
EPSS
1.9%
CVE-2021-40153 HIGH POC PATCH This Week

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Squashfs Tools Fedora Debian Linux Enterprise Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-3264 HIGH POC This Week

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cxuucms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-28697 HIGH This Week

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Xen Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39171 HIGH PATCH This Week

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Passport Saml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-35342 HIGH This Week

The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Useradm
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-40142 HIGH PATCH This Week

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Local Discover Server Simatic Process Historian Opc Ua Server Firmware Simatic Net Pc +4
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-32759 HIGH PATCH This Week

OpenMage magento-lts is an alternative to the Magento CE official releases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Adobe Magento
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-32758 HIGH PATCH This Week

OpenMage Magento LTS is an alternative to the Magento CE official releases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Adobe Openmage
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy