Skip to main content
CVE-2021-38303 CRITICAL POC Act Now

A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sureedge Migrator
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41318 MEDIUM POC This Month

In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Whatsupgold
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.9%
CVE-2021-36366 CRITICAL Act Now

Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-36365 CRITICAL Act Now

Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-36364 CRITICAL Act Now

Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-36363 CRITICAL Act Now

Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Privilege Escalation Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-38124 CRITICAL Act Now

Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Arcsight Enterprise Security Manager
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-37271 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ueditor
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36165 MEDIUM POC This Month

RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure S9922L Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-34636 HIGH PATCH This Week

The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress PHP Countdown And Countup Woocommerce Sales Timer
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-33601 HIGH This Week

A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Internet Gatekeeper
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-36297 HIGH This Week

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Supportassist For Home Pcs
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-29367 HIGH This Week

A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-29366 HIGH This Week

A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-29364 HIGH This Week

A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29363 HIGH This Week

A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29362 HIGH This Week

A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29361 HIGH This Week

A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29360 HIGH This Week

A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-41540 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-41539 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-41537 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-41536 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-41535 HIGH PATCH This Week

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge Nx 1984 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-37273 HIGH This Week

A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Epon Tianyi Gateway Zxhn F450 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-41104 HIGH PATCH This Week

ESPHome is a system to control the ESP8266/ESP32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Esphome Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-37105 HIGH This Week

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Fusioncompute
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37104 HIGH This Week

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei SSRF P40 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37146 HIGH This Week

An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ros Comm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-33600 HIGH This Week

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Internet Gatekeeper
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37106 HIGH This Week

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fusioncompute
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-36286 HIGH PATCH This Week

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Dell Microsoft Path Traversal Supportassist Client Consumer
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-36283 MEDIUM PATCH This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell RCE Chengming 3990 Firmware Chengming 3991 Firmware G3 15 3500 Firmware +82
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-37267 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kindeditor
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-30086 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kindeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29365 MEDIUM This Month

Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Irfanview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-29358 MEDIUM This Month

A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Irfanview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-21570 MEDIUM PATCH This Month

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Information Disclosure Emc Networker
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-21569 MEDIUM PATCH This Month

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Path Traversal Command Injection Emc Networker
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-22535 MEDIUM This Month

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Netiq Directory And Resource Administrator
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2021-36285 MEDIUM This Month

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Latitude 5310 2 In 1 Firmware Latitude 5320 Firmware Latitude 5400 Firmware +18
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-36284 MEDIUM This Month

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Latitude 5310 2 In 1 Firmware Latitude 5320 Firmware Latitude 5400 Firmware +18
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21522 MEDIUM This Month

Dell BIOS contains a Credentials Management issue. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Latitude 5285 2 In 1 Firmware Latitude 5289 2 In 1 Firmware Latitude 5310 2 In 1 Firmware +25
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-41106 LOW PATCH Monitor

JWT is a library to work with JSON Web Token and JSON Web Signature. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Jwt
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-41538 LOW PATCH Monitor

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure Solid Edge Nx 1984 Firmware Nx 1988 Firmware +4
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2021-41534 LOW PATCH Monitor

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Solid Edge Nx 1984 Firmware Nx 1988 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2021-41533 LOW PATCH Monitor

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Solid Edge Nx 1984 Firmware Nx 1988 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy