Skip to main content
CVE-2021-21811 CRITICAL POC Act Now

A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Xmill
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38145 CRITICAL POC Act Now

An issue was discovered in Form Tools through 3.0.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Core
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-36356 CRITICAL POC THREAT Act Now

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Viaware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
54.4%
CVE-2021-36232 HIGH POC This Week

Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mik Starlight
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36231 HIGH POC This Week

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Mik Starlight
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-36981 HIGH POC PATCH This Week

In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization RCE Java Verinice
NVD GitHub
CVSS 3.1
8.8
EPSS
6.0%
CVE-2021-39176 HIGH POC PATCH This Week

detect-character-encoding is a package for detecting character encoding using ICU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Detect Character Encoding
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-39316 HIGH POC THREAT This Week

The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Zoomsounds
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
66.5%
CVE-2021-3749 HIGH POC PATCH MAL This Week

axios is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Axios Sinec Ins Goldengate
NVD GitHub
CVSS 3.1
7.5
EPSS
8.5%
CVE-2021-40330 HIGH POC PATCH This Week

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Git Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-27556 HIGH POC This Week

The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zentao
NVD
CVSS 3.1
7.2
EPSS
4.0%
CVE-2021-40085 MEDIUM POC PATCH This Month

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Neutron Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-36233 MEDIUM POC This Month

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Mik Starlight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22929 MEDIUM POC This Month

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-38143 MEDIUM POC This Month

An issue was discovered in Form Tools through 3.0.20. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Core
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-27558 MEDIUM POC This Month

A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zentao
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-22002 CRITICAL PATCH Act Now

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-34565 CRITICAL Act Now

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-22943 CRITICAL Act Now

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Protect
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2021-35222 CRITICAL PATCH Act Now

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Orion Platform
NVD
CVSS 3.1
9.6
EPSS
2.6%
CVE-2021-38144 MEDIUM POC This Month

An issue was discovered in Form Tools through 3.0.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Core
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-39180 HIGH PATCH This Week

OpenOLAT is a web-based learning management system (LMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Java Openolat
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-35212 HIGH PATCH This Week

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Privilege Escalation Orion Platform
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-35223 HIGH This Week

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Serv U
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-35213 HIGH This Week

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Orion Platform
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2021-29907 HIGH PATCH This Week

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload RCE Openpages With Watson
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21679 HIGH PATCH This Week

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Jenkins Azure Ad
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-21678 HIGH PATCH This Week

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Saml
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21677 HIGH PATCH This Week

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jenkins Java Code Coverage Api
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-34561 HIGH This Week

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-37713 HIGH PATCH This Week

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Microsoft Path Traversal RCE Tar +2
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-37712 HIGH PATCH This Week

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Microsoft Path Traversal RCE Tar +3
NVD GitHub
CVSS 3.1
8.6
EPSS
1.8%
CVE-2021-37701 HIGH PATCH This Week

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js RCE Path Traversal Tar Debian Linux +2
NVD GitHub
CVSS 3.1
8.6
EPSS
3.3%
CVE-2021-27557 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zentao
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-35221 HIGH PATCH This Week

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Orion Platform
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2021-34578 HIGH This Week

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass 750 890 040 000 Firmware 750 890 025 001 Firmware 750 890 025 002 Firmware 750 890 025 000 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-22944 HIGH This Week

A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-39135 HIGH PATCH This Week

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Node.js Information Disclosure Arborist Graalvm Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-39134 HIGH PATCH This Week

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Apple Microsoft Node.js Information Disclosure Arborist +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-22003 HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22029 HIGH This Week

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service VMware Workspace One Uem Console
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22684 HIGH This Week

Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Tizenrt
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-34581 HIGH This Week

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure 750 880 040 000 Firmware 750 880 025 002 Firmware 750 880 025 001 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33555 HIGH This Week

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-35220 HIGH PATCH This Week

Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Command Injection Orion Platform
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-21680 HIGH PATCH This Week

Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Nested View
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2021-3634 MEDIUM PATCH This Month

A flaw has been found in libssh in versions prior to 0.9.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Libssh Virtualization +5
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2021-34562 MEDIUM This Month

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-39178 MEDIUM PATCH This Month

Next.js is a React framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Next Js
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-36234 MEDIUM This Month

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mik Starlight
NVD
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy