Skip to main content
CVE-2021-3819 HIGH POC PATCH This Week

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-41097 HIGH POC PATCH This Week

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Aurelia Path
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2021-3828 HIGH POC PATCH This Week

nltk is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nltk
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-3822 HIGH POC PATCH This Week

jsoneditor is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jsoneditor
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-3820 HIGH POC PATCH This Week

inflect is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Inflect
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-40981 HIGH POC This Week

ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Armoury Crate Lite Service
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-37274 HIGH This Week

Kingdee KIS Professional Edition has a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kis Cloud
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36876 HIGH This Week

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Ulisting
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-36874 HIGH This Week

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Ulisting
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-40108 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Concrete Cms
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-40097 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Concrete Cms
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-39826 HIGH PATCH This Week

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Adobe Digital Editions
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2021-40709 HIGH This Week

Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop 2020 Photoshop 2021
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2021-40703 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2021-40702 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2021-40701 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2021-40700 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2021-39825 HIGH PATCH This Week

Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Photoshop Elements
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-39824 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2021-39823 HIGH PATCH This Week

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Adobe Svg Native Viewer
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2021-39819 HIGH PATCH This Week

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-39818 HIGH PATCH This Week

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-34412 HIGH This Week

During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-34411 HIGH This Week

During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34410 HIGH This Week

A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Zoom Plugin For Microsoft Outlook
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34409 HIGH This Week

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings Rooms Screen Sharing
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34408 HIGH This Week

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-23243 HIGH This Week

In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0612 HIGH This Week

In m4u, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0611 HIGH This Week

In m4u, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0610 HIGH This Week

In memory management driver, there is a possible memory corruption due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-41098 HIGH PATCH This Week

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Nokogiri
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-41096 HIGH PATCH This Week

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Rucky
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-41753 HIGH This Week

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir X1560 Firmware Dir X6060 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-36218 HIGH PATCH This Week

An issue was discovered in SKALE sgxwallet 1.58.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Sgxwallet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-34415 HIGH This Week

The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Connector
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-34413 HIGH This Week

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Apple Microsoft Information Disclosure Zoom Plugin For Microsoft Outlook
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-40104 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40103 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal SSRF Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-34570 HIGH PATCH This Week

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Plcnext Technology Starterkit Firmware Axc F 2152 Starterkit Firmware Rfc 4072S Firmware Axc F 3152 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31606 HIGH PATCH This Week

furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Openvpn Monitor
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-31605 HIGH This Week

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Openvpn Monitor
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-28613 HIGH PATCH This Week

Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.

Information Disclosure Adobe Creative Cloud Desktop Application
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-34414 HIGH This Week

The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Meeting Connector Recording Connector Virtual Room Connector Virtual Room Connector Load Balancer
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-34349 HIGH This Week

A command injection vulnerability has been reported to affect QNAP device running QVR. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr
NVD
CVSS 3.1
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy