Skip to main content
CVE-2021-23444 CRITICAL POC PATCH Act Now

This affects the package jointjs before 3.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Jointjs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-40847 HIGH POC THREAT This Week

The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear RCE R6400V2 Firmware R6700 Firmware R6700V3 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
10.1%
CVE-2021-37419 HIGH POC PATCH This Week

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho SSRF Manageengine Admanager Plus
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-37420 MEDIUM POC PATCH This Month

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho Authentication Bypass Manageengine Admanager Plus
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-40868 MEDIUM POC This Month

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloudron
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
9.1%
CVE-2021-23443 MEDIUM POC PATCH This Month

This affects the package edge.js before 5.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Edge
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-37424 CRITICAL PATCH Act Now

ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho Information Disclosure Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2021-28960 CRITICAL Act Now

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Command Injection Desktop Central
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-0869 CRITICAL Act Now

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-31917 CRITICAL Act Now

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Infinispan Server Rest Data Grid
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-37741 HIGH This Week

ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-41084 MEDIUM POC PATCH This Month

http4s is an open source scala interface for HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Http4S
NVD GitHub
CVSS 3.1
4.7
EPSS
1.2%
CVE-2021-29831 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Jazz For Service Management Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-20037 HIGH This Week

SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sonicwall Global Vpn Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41531 HIGH This Week

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routinator
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-41087 MEDIUM PATCH This Month

in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal In Toto Golang
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-39230 MEDIUM PATCH This Month

Butter is a system usability utility. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Butter
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-20829 MEDIUM This Month

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29795 MEDIUM PATCH This Month

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

IBM Denial Of Service Powervm Hypervisor
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-41525 MEDIUM This Month

An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Flexnet Inventory Agent And Beacon
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-26333 MEDIUM This Month

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Chipset Driver Psp Driver
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-41086 MEDIUM PATCH This Month

jsuites is an open source collection of common required javascript web components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jsuites
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy