Skip to main content
CVE-2021-34435 HIGH POC PATCH This Week

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cors Misconfiguration Theia
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-35508 HIGH POC This Week

NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aquariusnet
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-38703 HIGH POC This Week

Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Experia Wifi Firmware
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2021-30355 HIGH POC This Week

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kindle Firmware
NVD
CVSS 3.1
8.6
EPSS
6.9%
CVE-2021-30354 HIGH POC This Week

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Kindle Firmware
NVD
CVSS 3.1
8.6
EPSS
7.0%
CVE-2021-40378 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
15.0%
CVE-2021-39373 HIGH POC This Week

Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Drive Manager
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-23426 HIGH POC This Week

This affects all versions of package Proto. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Proto
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-39109 HIGH POC PATCH This Week

The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Atlasboard
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-40387 HIGH This Week

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Unitrends Backup Software
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-40385 HIGH This Week

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Unitrends Backup Software
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-39181 HIGH PATCH This Week

OpenOlat is a web-based learning management system (LMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Java Openolat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-36032 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-35218 HIGH This Week

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Orion Platform
NVD
CVSS 3.1
8.8
EPSS
76.4%
CVE-2021-35216 HIGH PATCH This Week

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Deserialization RCE Patch Manager
NVD
CVSS 3.1
8.8
EPSS
81.4%
CVE-2021-35215 HIGH PATCH This Week

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Orion Platform
NVD
CVSS 3.1
8.8
EPSS
69.7%
CVE-2021-39847 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-39817 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-39816 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36079 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .SGI file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2021-36078 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36076 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36075 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overflow vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2021-36073 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2021-36072 HIGH PATCH This Week

Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-36070 HIGH This Week

Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2021-36069 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36068 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36067 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36066 HIGH This Week

Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-36065 HIGH This Week

Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Photoshop
NVD
CVSS 3.1
7.8
EPSS
4.2%
CVE-2021-36064 HIGH PATCH This Week

XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36059 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36055 HIGH PATCH This Week

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-36052 HIGH PATCH This Week

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2021-36050 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-36049 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36048 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36047 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-36046 HIGH PATCH This Week

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-36235 HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-40382 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
22.7%
CVE-2021-40381 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
22.7%
CVE-2021-40380 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
22.7%
CVE-2021-40379 HIGH POC THREAT This Week

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ip70 Firmware Ip570 Firmware Ip60 Firmware Tn540 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
21.6%
CVE-2021-36044 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-36030 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-33582 HIGH PATCH This Week

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imap Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-36002 HIGH PATCH This Week

Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Adobe Captivate
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2021-39115 HIGH This Week

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Java Jira Service Desk Jira Service Management
NVD
CVSS 3.1
7.2
EPSS
4.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy