Skip to main content
CVE-2021-41392 CRITICAL POC Act Now

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boostnote
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-39228 CRITICAL POC PATCH Act Now

Tremor is an event processing system for unstructured data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Tremor
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-23442 CRITICAL POC PATCH Act Now

This affects all versions of package @cookiex/deep. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Cookiex Deep
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-21548 HIGH POC This Week

Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-21547 HIGH POC This Week

Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-41390 HIGH POC This Week

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson Code Injection Enterprise Content Management
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2021-3810 HIGH POC PATCH This Week

code-server is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Code Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3807 HIGH POC PATCH MAL This Week

ansi-regex is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Ansi Regex Communications Cloud Native Core Policy
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-3804 HIGH POC PATCH This Week

taro is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Taro
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3803 HIGH POC PATCH This Week

nth-check is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nth Check Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-3805 HIGH POC PATCH This Week

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Object Path Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-41383 HIGH POC This Week

setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R6020 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-41380 MEDIUM POC This Month

RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vnc Viewer
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-41326 CRITICAL PATCH Act Now

In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-3812 MEDIUM POC PATCH This Month

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Web Interface
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-3811 MEDIUM POC PATCH This Month

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Web Interface
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-38412 CRITICAL Act Now

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Portserver Ts 16 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41317 CRITICAL PATCH Act Now

XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

XSS Authentication Bypass Xss Hunter Express
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-39227 CRITICAL PATCH Act Now

ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Apache Information Disclosure Zrender
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41303 CRITICAL PATCH Act Now

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Java Authentication Bypass Shiro Financial Services Crime And Compliance Management Studio
NVD
CVSS 3.1
9.8
EPSS
76.7%
CVE-2021-1976 CRITICAL PATCH Act Now

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Qualcomm Memory Corruption Denial Of Service Apq8009 Firmware +246
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-20790 CRITICAL Act Now

Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Revoworks Browser
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2021-41391 MEDIUM POC This Month

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson XSS Enterprise Content Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-39327 MEDIUM POC PATCH THREAT This Month

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Information Disclosure Bulletproof Security
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
72.3%
CVE-2021-20791 CRITICAL Act Now

Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Revoworks Browser
NVD
CVSS 3.1
9.3
EPSS
0.8%
CVE-2021-41387 HIGH This Week

seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Seatd
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-41315 HIGH This Week

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Remote Collector
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-40825 HIGH This Week

nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nlight Eclypse System Controller Firmware
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2021-41316 HIGH This Week

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Device42
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-38406 HIGH KEV THREAT This Week

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Dopsoft
NVD
CVSS 3.1
7.8
EPSS
77.9%
CVE-2021-38404 HIGH This Week

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Dopsoft
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-38402 HIGH This Week

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Dopsoft
NVD
CVSS 3.1
7.8
EPSS
7.7%
CVE-2021-38304 HIGH PATCH This Week

Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Ni Pal
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-31843 HIGH This Week

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-30261 HIGH This Week

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +179
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30260 HIGH This Week

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +255
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1947 HIGH PATCH This Week

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Memory Corruption Information Disclosure Apq8009W Firmware +86
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31845 HIGH This Week

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Data Loss Prevention Discover
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2021-31844 HIGH This Week

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Data Loss Prevention Endpoint
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-39218 MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-39219 MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2021-39216 MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). No vendor patch available.

Use After Free Memory Corruption Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-20828 MEDIUM This Month

Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Order Status Batch Change
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20825 MEDIUM This Month

Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS List Order Management Item Change
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31842 MEDIUM This Month

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1939 MEDIUM PATCH This Month

Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Qualcomm Denial Of Service Apq8009 Firmware Apq8009W Firmware +106
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy