Skip to main content
CVE-2021-22005 CRITICAL POC KEV PATCH THREAT Act Now

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-22015 HIGH POC PATCH Act Now

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Path Traversal Information Disclosure VMware Cloud Foundation +1
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-26794 CRITICAL POC Act Now

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP File Upload Frogcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-21913 CRITICAL POC Act Now

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Authentication Bypass Dir 3040 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-22945 CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Cloud Backup Clustered Data Ontap +13
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2021-41381 HIGH POC THREAT This Week

Payara Micro Community 5.2021.6 and below allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Micro Community
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
52.9%
CVE-2021-22948 HIGH POC PATCH This Week

Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Revive Adserver
NVD
CVSS 3.1
7.1
EPSS
2.6%
CVE-2021-32959 CRITICAL PATCH Act Now

Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suitelink
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-22941 CRITICAL KEV THREAT Act Now

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Sharefile Storagezones Controller
NVD
CVSS 3.1
9.8
EPSS
53.6%
CVE-2021-34770 CRITICAL Act Now

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Apple Heap Overflow +2
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-34727 CRITICAL Act Now

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Denial Of Service Cisco Ios Xe Sd Wan
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-36873 MEDIUM POC This Month

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Iq Block Country
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-22017 MEDIUM POC KEV PATCH THREAT This Month

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Vcenter Server
NVD
CVSS 3.1
5.3
EPSS
47.6%
CVE-2021-1619 CRITICAL Act Now

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple Memory Corruption Denial Of Service +146
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2021-41088 HIGH PATCH This Week

Elvish is a programming language and interactive shell, combined into one package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

RCE Information Disclosure Elvish
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-22952 HIGH This Week

A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ubiquiti RCE Code Injection Unifi Talk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-34697 HIGH This Week

A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-1624 HIGH This Week

A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-1622 HIGH PATCH This Week

A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2021-1615 HIGH PATCH This Week

A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Embedded Wireless Controller
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-1611 HIGH PATCH This Week

A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-1565 HIGH This Week

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe Embedded Wireless Controller +1
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2021-36823 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS.8. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Absolutely Glamorous Custom Admin
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2021-26750 HIGH This Week

DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Panda Adaptive Defense 360 Panda Devices Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33035 HIGH PATCH This Week

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apache RCE Openoffice
NVD GitHub
CVSS 3.1
7.8
EPSS
50.6%
CVE-2021-1419 HIGH PATCH This Week

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Cisco Authentication Bypass Aironet 1542D Firmware Aironet 1562D Firmware Aironet 1815M Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34699 HIGH This Week

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service iOS Ios Xe
NVD
CVSS 3.1
7.7
EPSS
1.1%
CVE-2021-1623 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
7.7
EPSS
1.1%
CVE-2021-1620 HIGH PATCH This Week

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Microsoft Denial Of Service iOS +1
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2021-38864 HIGH PATCH This Week

IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-32999 HIGH PATCH This Week

Improper handling of exceptional conditions in SuiteLink server while processing command 0x01. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suitelink
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-32987 HIGH PATCH This Week

Null pointer dereference in SuiteLink server while processing command 0x0b. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Suitelink
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-32979 HIGH PATCH This Week

Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Suitelink
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-32971 HIGH PATCH This Week

Null pointer dereference in SuiteLink server while processing command 0x07. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Suitelink
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-32963 HIGH PATCH This Week

Null pointer dereference in SuiteLink server while processing commands 0x03/0x10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Suitelink
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-22019 HIGH PATCH This Week

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22013 HIGH PATCH This Week

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22012 HIGH PATCH This Week

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

VMware Information Disclosure Authentication Bypass Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-22010 HIGH PATCH This Week

The vCenter Server contains a denial-of-service vulnerability in VPXD service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22009 HIGH PATCH This Week

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Denial Of Service Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22008 HIGH PATCH This Week

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22006 HIGH PATCH This Week

The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2021-34769 HIGH This Week

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-34768 HIGH This Week

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-34767 HIGH This Week

A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2021-34740 HIGH This Week

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Aironet Access Point Software
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2021-34714 HIGH This Week

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Fxos Firepower Extensible Operating System +4
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-1621 HIGH PATCH This Week

A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames,. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2021-22014 HIGH PATCH This Week

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-1612 HIGH PATCH This Week

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Cisco Apple Information Disclosure Sd Wan
NVD
CVSS 3.1
7.1
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy