Skip to main content
CVE-2021-41764 HIGH POC This Week

A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Streama
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-3653 HIGH POC PATCH This Week

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Amd Information Disclosure Authentication Bypass Linux Kernel +2
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-22946 HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Cloud Backup +25
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-41732 HIGH POC This Week

An issue was discovered in zeek version 4.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Zeek
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-23446 HIGH POC PATCH This Week

The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Handsontable
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-41821 MEDIUM POC This Month

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Wazuh
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-40651 MEDIUM POC THREAT This Month

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Opensis
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
18.4%
CVE-2021-22947 MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora Debian Linux Cloud Backup +22
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-35943 CRITICAL Act Now

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-36745 CRITICAL PATCH Act Now

A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Trend Micro Authentication Bypass Serverprotect
NVD
CVSS 3.1
9.8
EPSS
9.0%
CVE-2021-33924 CRITICAL Act Now

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ansible
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-25962 HIGH PATCH This Week

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Shuup
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-41034 HIGH This Week

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Java Che
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-25961 HIGH PATCH This Week

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2021-25960 HIGH PATCH This Week

In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Suitecrm
NVD GitHub
CVSS 3.1
8.0
EPSS
1.2%
CVE-2021-40715 HIGH PATCH This Week

Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-40710 HIGH PATCH This Week

Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Pro
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2021-39863 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat Dc +5
NVD
CVSS 3.1
7.8
EPSS
12.5%
CVE-2021-39843 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
76.1%
CVE-2021-39842 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat +3
NVD
CVSS 3.0
7.8
EPSS
16.8%
CVE-2021-39841 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Adobe Acrobat Acrobat Reader +2
NVD
CVSS 3.0
7.8
EPSS
11.3%
CVE-2021-39840 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat +3
NVD
CVSS 3.0
7.8
EPSS
49.5%
CVE-2021-39839 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat +3
NVD
CVSS 3.0
7.8
EPSS
64.3%
CVE-2021-39838 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat +3
NVD
CVSS 3.0
7.8
EPSS
64.3%
CVE-2021-39837 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat +3
NVD
CVSS 3.0
7.8
EPSS
64.3%
CVE-2021-39836 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
68.7%
CVE-2021-39832 HIGH PATCH This Week

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Framemaker
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2021-39831 HIGH PATCH This Week

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-39830 HIGH PATCH This Week

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Framemaker
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2021-39829 HIGH PATCH This Week

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Framemaker
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2021-39821 HIGH This Week

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Adobe Indesign
NVD
CVSS 3.0
7.8
EPSS
3.8%
CVE-2021-28547 HIGH PATCH This Week

Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Apple Privilege Escalation Adobe Creative Cloud Desktop Application
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2021-35028 HIGH PATCH This Week

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Zywall Vpn2S Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39342 HIGH PATCH This Week

The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Financial
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-35945 HIGH This Week

Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-35944 HIGH This Week

Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-35027 HIGH PATCH This Week

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Zyxel Zywall Vpn2S Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-40708 HIGH This Week

Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Adobe Genuine Service
NVD
CVSS 3.1
7.3
EPSS
1.6%
CVE-2021-35982 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2021-32466 HIGH PATCH This Week

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing. Rated high severity (CVSS 7.0).

Privilege Escalation Trend Micro Housecall For Home Networks
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-41795 MEDIUM This Month

The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Hashicorp Authentication Bypass 1Password
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-41573 MEDIUM This Month

Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Content Platform Anywhere
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-39856 MEDIUM This Month

Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Acrobat Acrobat Reader Acrobat Dc +1
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-39855 MEDIUM This Month

Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Adobe Acrobat Acrobat Reader +2
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-39846 MEDIUM This Month

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Adobe Acrobat Acrobat Reader +2
NVD
CVSS 3.1
6.1
EPSS
2.5%
CVE-2021-39845 MEDIUM This Month

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Adobe Acrobat Acrobat Reader +2
NVD
CVSS 3.1
6.1
EPSS
2.5%
CVE-2021-25959 MEDIUM PATCH This Month

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Opencrx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40716 MEDIUM This Month

XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
5.5
EPSS
2.2%
CVE-2021-39861 MEDIUM This Month

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc +4
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2021-39860 MEDIUM This Month

Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe Acrobat Acrobat Reader +2
NVD
CVSS 3.1
5.5
EPSS
2.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy