Skip to main content
CVE-2021-34636 HIGH PATCH This Week

The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress PHP Countdown And Countup Woocommerce Sales Timer
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-33601 HIGH This Week

A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Internet Gatekeeper
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-36297 HIGH This Week

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Supportassist For Home Pcs
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-29367 HIGH This Week

A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-29366 HIGH This Week

A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-29364 HIGH This Week

A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29363 HIGH This Week

A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29362 HIGH This Week

A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29361 HIGH This Week

A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29360 HIGH This Week

A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-41540 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-41539 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-41537 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-41536 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-41535 HIGH PATCH This Week

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Solid Edge Nx 1984 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-37273 HIGH This Week

A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Epon Tianyi Gateway Zxhn F450 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-41104 HIGH PATCH This Week

ESPHome is a system to control the ESP8266/ESP32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Esphome Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-37105 HIGH This Week

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Fusioncompute
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37104 HIGH This Week

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei SSRF P40 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37146 HIGH This Week

An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ros Comm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-33600 HIGH This Week

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Internet Gatekeeper
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37106 HIGH This Week

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fusioncompute
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-36286 HIGH PATCH This Week

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Dell Microsoft Path Traversal Supportassist Client Consumer
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy