Skip to main content
CVE-2021-36232 HIGH POC This Week

Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mik Starlight
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36231 HIGH POC This Week

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Mik Starlight
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-36981 HIGH POC PATCH This Week

In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization RCE Java Verinice
NVD GitHub
CVSS 3.1
8.8
EPSS
6.0%
CVE-2021-39176 HIGH POC PATCH This Week

detect-character-encoding is a package for detecting character encoding using ICU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Detect Character Encoding
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-39316 HIGH POC THREAT This Week

The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Zoomsounds
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
66.5%
CVE-2021-3749 HIGH POC PATCH MAL This Week

axios is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Axios Sinec Ins Goldengate
NVD GitHub
CVSS 3.1
7.5
EPSS
8.5%
CVE-2021-40330 HIGH POC PATCH This Week

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Git Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-27556 HIGH POC This Week

The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zentao
NVD
CVSS 3.1
7.2
EPSS
4.0%
CVE-2021-39180 HIGH PATCH This Week

OpenOLAT is a web-based learning management system (LMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Java Openolat
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-35212 HIGH PATCH This Week

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Privilege Escalation Orion Platform
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-35223 HIGH This Week

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Serv U
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-35213 HIGH This Week

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Orion Platform
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2021-29907 HIGH PATCH This Week

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload RCE Openpages With Watson
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21679 HIGH PATCH This Week

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Jenkins Azure Ad
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-21678 HIGH PATCH This Week

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Saml
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21677 HIGH PATCH This Week

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jenkins Java Code Coverage Api
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-34561 HIGH This Week

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-37713 HIGH PATCH This Week

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Microsoft Path Traversal RCE Tar +2
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-37712 HIGH PATCH This Week

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Microsoft Path Traversal RCE Tar +3
NVD GitHub
CVSS 3.1
8.6
EPSS
1.8%
CVE-2021-37701 HIGH PATCH This Week

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js RCE Path Traversal Tar Debian Linux +2
NVD GitHub
CVSS 3.1
8.6
EPSS
3.3%
CVE-2021-35221 HIGH PATCH This Week

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Orion Platform
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2021-34578 HIGH This Week

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass 750 890 040 000 Firmware 750 890 025 001 Firmware 750 890 025 002 Firmware 750 890 025 000 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-22944 HIGH This Week

A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-39135 HIGH PATCH This Week

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Node.js Information Disclosure Arborist Graalvm Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-39134 HIGH PATCH This Week

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Apple Microsoft Node.js Information Disclosure Arborist +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-22003 HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22029 HIGH This Week

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service VMware Workspace One Uem Console
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22684 HIGH This Week

Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Tizenrt
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-34581 HIGH This Week

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure 750 880 040 000 Firmware 750 880 025 002 Firmware 750 880 025 001 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33555 HIGH This Week

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-35220 HIGH PATCH This Week

Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Command Injection Orion Platform
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-21680 HIGH PATCH This Week

Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Nested View
NVD
CVSS 3.1
7.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy