Skip to main content
CVE-2021-23438 CRITICAL POC PATCH Act Now

This affects the package mpath before 0.8.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Mpath
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-23436 CRITICAL POC PATCH Act Now

This affects the package immer before 9.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Immer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-40350 CRITICAL POC Act Now

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dwu850 Gs Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-23427 CRITICAL POC Act Now

This affects all versions of package elFinder.NetCore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Elfinder Netcore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-39379 CRITICAL POC Act Now

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-39378 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
22.7%
CVE-2021-39377 CRITICAL POC Act Now

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-37415 CRITICAL POC KEV THREAT Act Now

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-40353 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-34435 HIGH POC PATCH This Week

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cors Misconfiguration Theia
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-35508 HIGH POC This Week

NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aquariusnet
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-38703 HIGH POC This Week

Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Experia Wifi Firmware
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2021-30355 HIGH POC This Week

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kindle Firmware
NVD
CVSS 3.1
8.6
EPSS
6.9%
CVE-2021-30354 HIGH POC This Week

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Kindle Firmware
NVD
CVSS 3.1
8.6
EPSS
7.0%
CVE-2021-40378 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
15.0%
CVE-2021-39373 HIGH POC This Week

Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Drive Manager
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-23426 HIGH POC This Week

This affects all versions of package Proto. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Proto
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-39109 HIGH POC PATCH This Week

The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Atlasboard
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-40352 MEDIUM POC This Month

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Openemr
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
9.7%
CVE-2021-39186 MEDIUM POC PATCH This Month

GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Globalnewfiles
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-39320 MEDIUM POC This Month

The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Apache XSS PHP Underconstruction
NVD WPScan
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-36020 CRITICAL PATCH Act Now

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-23428 CRITICAL Act Now

This affects all versions of package elFinder.NetCore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Elfinder Netcore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-20345 MEDIUM POC This Month

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wtcms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-39170 MEDIUM POC PATCH This Month

Pimcore is an open source data & experience management platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-39185 CRITICAL PATCH Act Now

Http4s is a minimal, idiomatic Scala interface for HTTP services. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http4S
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-40387 HIGH This Week

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Unitrends Backup Software
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-40385 HIGH This Week

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Unitrends Backup Software
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-39181 HIGH PATCH This Week

OpenOlat is a web-based learning management system (LMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Java Openolat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-36032 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-35218 HIGH This Week

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Orion Platform
NVD
CVSS 3.1
8.8
EPSS
76.4%
CVE-2021-35216 HIGH PATCH This Week

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Deserialization RCE Patch Manager
NVD
CVSS 3.1
8.8
EPSS
81.4%
CVE-2021-35215 HIGH PATCH This Week

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Orion Platform
NVD
CVSS 3.1
8.8
EPSS
69.7%
CVE-2021-39847 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-39817 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-39816 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36079 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .SGI file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2021-36078 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36076 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36075 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overflow vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2021-36073 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2021-36072 HIGH PATCH This Week

Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-36070 HIGH This Week

Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2021-36069 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36068 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36067 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36066 HIGH This Week

Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-36065 HIGH This Week

Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Photoshop
NVD
CVSS 3.1
7.8
EPSS
4.2%
CVE-2021-36064 HIGH PATCH This Week

XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36059 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy