Skip to main content
CVE-2021-40847 HIGH POC THREAT This Week

The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear RCE R6400V2 Firmware R6700 Firmware R6700V3 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
10.1%
CVE-2021-37419 HIGH POC PATCH This Week

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho SSRF Manageengine Admanager Plus
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-37741 HIGH This Week

ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-29831 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Jazz For Service Management Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-20037 HIGH This Week

SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sonicwall Global Vpn Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41531 HIGH This Week

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routinator
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy