Skip to main content
CVE-2021-38112 HIGH POC This Week

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft RCE Aws Workspaces
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2021-40875 HIGH POC THREAT This Week

Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Testrail
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
48.4%
CVE-2021-41382 HIGH POC This Week

Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Plastic Scm
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
8.9%
CVE-2021-21991 HIGH PATCH This Week

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-31847 HIGH This Week

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation RCE Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41011 HIGH This Week

LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Line
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-31841 HIGH This Week

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Jwt Attack Mcafee Agent
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-31836 HIGH This Week

Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Mcafee Agent
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-3583 HIGH PATCH This Week

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ansible Automation Platform Ansible Engine Ansible Tower
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy