Skip to main content
CVE-2021-38705 HIGH POC This Week

ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cliniccases
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-39279 HIGH POC This Week

Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wac 2004 Firmware Wac 1001 Firmware Wac 1001 T Firmware Oncell G3470A Lte Eu Firmware +8
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2021-38841 HIGH POC This Week

Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Simple Water Refilling Station Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-33484 HIGH POC This Week

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Onyaktech Comments Pro
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-39503 HIGH POC This Week

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Phpmywind
NVD GitHub
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-38706 HIGH This Week

messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Cliniccases
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-39197 HIGH PATCH This Week

better_errors is an open source replacement for the standard Rails error page with more information rich error pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Better Errors
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-38142 HIGH This Week

Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Mirrorop Windows Sender
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-38617 HIGH This Week

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Natural Language Processing
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-38616 HIGH This Week

{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Natural Language Processing
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-37219 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp HashiCorp Consul
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-37218 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Nomad
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-36162 HIGH PATCH This Week

Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Dubbo
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-28139 HIGH This Week

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Esp Idf
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-40143 HIGH PATCH This Week

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nexus Repository Manager 3
NVD
CVSS 3.1
8.2
EPSS
2.3%
CVE-2021-32800 HIGH PATCH This Week

Nextcloud server is an open source, self hosted personal cloud. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Nextcloud Authentication Bypass Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2021-37725 HIGH PATCH This Week

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-38615 HIGH This Week

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Natural Language Processing
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-35266 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE Ntfs 3G +2
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-35267 HIGH This Week

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-35269 HIGH This Week

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33289 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33286 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-35268 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33287 HIGH This Week

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39263 HIGH This Week

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-39262 HIGH This Week

A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39261 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-39260 HIGH This Week

A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39259 HIGH This Week

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39258 HIGH This Week

A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39256 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-39255 HIGH This Week

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39254 HIGH This Week

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39253 HIGH This Week

A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39252 HIGH This Week

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39251 HIGH This Week

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ntfs 3G Debian Linux Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-33285 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ntfs 3G Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39500 HIGH This Week

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Eyoucms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-37628 HIGH PATCH This Week

Nextcloud Richdocuments is an open source collaborative office suite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Nextcloud Authentication Bypass Richdocuments
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-36717 HIGH This Week

Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Timenet
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37145 HIGH This Week

A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Command Injection Cx5500 Firmware Cx5100 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-37724 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37723 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37722 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37721 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37720 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37719 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-37718 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37717 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy