Skip to main content
CVE-2021-39824 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2021-39823 HIGH PATCH This Week

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Adobe Svg Native Viewer
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2021-39819 HIGH PATCH This Week

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-39818 HIGH PATCH This Week

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-34412 HIGH This Week

During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-34411 HIGH This Week

During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34410 HIGH This Week

A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Zoom Plugin For Microsoft Outlook
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34409 HIGH This Week

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings Rooms Screen Sharing
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34408 HIGH This Week

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-23243 HIGH This Week

In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0612 HIGH This Week

In m4u, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0611 HIGH This Week

In m4u, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0610 HIGH This Week

In memory management driver, there is a possible memory corruption due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-41098 HIGH PATCH This Week

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Nokogiri
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-41096 HIGH PATCH This Week

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Rucky
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-41753 HIGH This Week

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir X1560 Firmware Dir X6060 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-36218 HIGH PATCH This Week

An issue was discovered in SKALE sgxwallet 1.58.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Sgxwallet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-34415 HIGH This Week

The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Connector
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-34413 HIGH This Week

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Apple Microsoft Information Disclosure Zoom Plugin For Microsoft Outlook
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-40104 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40103 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal SSRF Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-34570 HIGH PATCH This Week

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Plcnext Technology Starterkit Firmware Axc F 2152 Starterkit Firmware Rfc 4072S Firmware Axc F 3152 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31606 HIGH PATCH This Week

furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Openvpn Monitor
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-31605 HIGH This Week

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Openvpn Monitor
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-28613 HIGH PATCH This Week

Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.

Information Disclosure Adobe Creative Cloud Desktop Application
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-34414 HIGH This Week

The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Meeting Connector Recording Connector Virtual Room Connector Virtual Room Connector Load Balancer
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-34349 HIGH This Week

A command injection vulnerability has been reported to affect QNAP device running QVR. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-20035 MEDIUM KEV THREAT This Month

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware Sma 410 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
3.9%
CVE-2021-40712 MEDIUM PATCH This Month

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Adobe Experience Manager
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-39828 MEDIUM PATCH This Month

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Privilege Escalation Adobe Digital Editions
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-39827 MEDIUM PATCH This Month

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Adobe Digital Editions
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-36877 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Ulisting
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-24652 MEDIUM This Month

The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Postx Gutenberg Blocks For Post Grid
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-26587 MEDIUM This Month

A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Storeonce 5200 Firmware Storeonce 5650 Firmware Storeonce 5250 Firmware Storeonce 3640 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-41385 MEDIUM This Month

The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Snypr
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-40109 MEDIUM This Month

A SSRF issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2021-41095 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-40714 MEDIUM PATCH This Month

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-40106 MEDIUM This Month

An issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-40105 MEDIUM This Month

An issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23054 MEDIUM This Month

On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-40713 MEDIUM PATCH This Month

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-0425 MEDIUM This Month

In memory management driver, there is a possible side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0424 MEDIUM This Month

In memory management driver, there is a possible system crash due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0423 MEDIUM This Month

In memory management driver, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0422 MEDIUM This Month

In memory management driver, there is a possible system crash due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0421 MEDIUM This Month

In memory management driver, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-40711 MEDIUM PATCH This Month

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-36841 MEDIUM This Month

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Yith Maintenance Mode
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24660 MEDIUM This Month

The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Postx Gutenberg Blocks For Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy