Skip to main content
CVE-2021-38723 HIGH POC This Week

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fuel Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-32833 HIGH POC This Week

Emby Server is a personal media server with apps on many devices. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Information Disclosure Authentication Bypass Emby Releases
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-32836 HIGH POC This Week

ZStack is open source IaaS(infrastructure as a service) software. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Denial Of Service Code Injection Zstack
NVD GitHub
CVSS 3.1
8.1
EPSS
2.0%
CVE-2021-38324 HIGH POC This Week

The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Sp Rental Manager
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-40222 HIGH POC This Week

Rittal CMC PU III Web management Version affected: V3.11.00_2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cmc Pu Iii 7030 000 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
4.7%
CVE-2021-39459 HIGH POC This Week

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
4.9%
CVE-2021-28494 HIGH This Week

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-39206 HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy Pomerium
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2021-39162 HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2021-34720 HIGH This Week

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-34718 HIGH This Week

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xr
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-25461 HIGH This Week

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28498 HIGH This Week

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28497 HIGH This Week

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Metamako Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28493 HIGH This Week

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-26603 HIGH This Week

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Ark Library
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-30295 HIGH This Week

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +121
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1952 HIGH This Week

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Aqt1000 Firmware Ar8031 Firmware +105
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1934 HIGH This Week

Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +94
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1909 HIGH This Week

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +324
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34728 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-34719 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39204 HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-28910 HIGH This Week

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Eibport Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-32487 HIGH This Week

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Modem
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-32486 HIGH This Week

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Modem
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-32485 HIGH This Week

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Modem
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-32484 HIGH This Week

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Modem
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-3761 HIGH PATCH This Week

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Octorpki Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1974 HIGH PATCH This Week

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Aqt1000 Firmware Ar8035 Firmware +188
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1971 HIGH This Week

Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Aqt1000 Firmware Ar8035 Firmware Csr8811 Firmware +118
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1948 HIGH PATCH This Week

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Apq8064au Firmware +216
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1941 HIGH PATCH This Week

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8064au Firmware Apq8096Au Firmware +213
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-34737 HIGH This Week

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Apple Denial Of Service Cisco Ios Xr
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-34713 HIGH This Week

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xr
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-28912 HIGH This Week

BAB TECHNOLOGIE GmbH eibPort V3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Eibport Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-34785 HIGH This Week

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Broadworks Commpilot Application Software
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-25465 HIGH This Week

An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. Rated high severity (CVSS 7.0). No vendor patch available.

Samsung Information Disclosure Themes
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2021-30290 HIGH PATCH This Week

Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.0).

Qualcomm Denial Of Service Qca6174a Firmware Qca6574 Firmware Qca6574a Firmware +38
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy