Skip to main content
CVE-2021-40539 CRITICAL POC KEV PATCH THREAT Act Now

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Zoho Authentication Bypass Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.8
EPSS
99.0%
CVE-2021-39497 CRITICAL POC Act Now

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Eyoucms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-38840 CRITICAL POC Act Now

SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Water Refilling Station Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-40540 CRITICAL POC PATCH Act Now

ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ulfius
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-38705 HIGH POC This Week

ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cliniccases
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-39279 HIGH POC This Week

Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wac 2004 Firmware Wac 1001 Firmware Wac 1001 T Firmware Oncell G3470A Lte Eu Firmware +8
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2021-38841 HIGH POC This Week

Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Simple Water Refilling Station Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-33484 HIGH POC This Week

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Onyaktech Comments Pro
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-39503 HIGH POC This Week

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Phpmywind
NVD GitHub
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-39194 MEDIUM POC PATCH This Month

kaml is an open source implementation of the YAML format with support for kotlinx.serialization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Kaml
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-39501 MEDIUM POC This Month

EyouCMS 1.5.4 is vulnerable to Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
3.6%
CVE-2021-39499 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-38704 MEDIUM POC This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cliniccases
NVD GitHub
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-39285 MEDIUM POC This Month

A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Versa Director
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39278 MEDIUM POC This Month

Certain MOXA devices allow reflected XSS via the Config Import menu. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wac 2004 Firmware Wac 1001 Firmware Wac 1001 T Firmware Oncell G3470A Lte Eu Firmware +8
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-32802 CRITICAL Act Now

Nextcloud server is an open source, self hosted personal cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud PHP Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-35946 CRITICAL Act Now

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37716 CRITICAL PATCH Act Now

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-36163 CRITICAL PATCH Act Now

In Apache Dubbo, users may choose to use the Hessian protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Dubbo
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-39496 MEDIUM POC This Month

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38707 MEDIUM POC This Month

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cliniccases
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-36696 MEDIUM POC This Month

Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Deskpro
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-33483 MEDIUM POC This Month

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onyaktech Comments Pro
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37733 MEDIUM POC This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-38706 HIGH This Week

messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Cliniccases
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-39197 HIGH PATCH This Week

better_errors is an open source replacement for the standard Rails error page with more information rich error pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Better Errors
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-38142 HIGH This Week

Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Mirrorop Windows Sender
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-38617 HIGH This Week

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Natural Language Processing
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-38616 HIGH This Week

{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Natural Language Processing
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-37219 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp HashiCorp Consul
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-37218 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Nomad
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-36162 HIGH PATCH This Week

Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Dubbo
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-28139 HIGH This Week

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Esp Idf
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-40143 HIGH PATCH This Week

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nexus Repository Manager 3
NVD
CVSS 3.1
8.2
EPSS
2.3%
CVE-2021-32800 HIGH PATCH This Week

Nextcloud server is an open source, self hosted personal cloud. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Nextcloud Authentication Bypass Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2021-37725 HIGH PATCH This Week

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-38615 HIGH This Week

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Natural Language Processing
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-35266 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE Ntfs 3G +2
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-35267 HIGH This Week

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-35269 HIGH This Week

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33289 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33286 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-35268 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33287 HIGH This Week

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39263 HIGH This Week

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-39262 HIGH This Week

A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39261 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-39260 HIGH This Week

A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39259 HIGH This Week

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39258 HIGH This Week

A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy