Skip to main content
CVE-2021-42006 HIGH POC This Week

An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gclib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-41322 HIGH POC This Week

Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vvx 400 Firmware Vvx 410 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41593 HIGH POC This Week

Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lightning Network Daemon
NVD GitHub
CVSS 3.1
8.6
EPSS
1.9%
CVE-2021-24465 HIGH POC This Week

The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Meow Gallery
NVD WPScan
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-40683 HIGH POC This Week

In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enterprise Application Access
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22557 HIGH POC PATCH This Week

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Code Injection Slo Generator
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-41285 HIGH POC This Week

Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ballistix Memory Overview Display Utility
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-39433 HIGH POC This Week

A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Biqsdrive
NVD GitHub
CVSS 3.1
7.5
EPSS
8.4%
CVE-2021-41651 HIGH POC This Week

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-37777 HIGH POC This Week

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Gila Cms
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-32765 HIGH PATCH This Week

Hiredis is a minimalistic C client library for the Redis database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow Hiredis Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-32762 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-32626 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Redis Heap Overflow RCE Fedora +4
NVD GitHub
CVSS 3.1
8.8
EPSS
15.1%
CVE-2021-41869 HIGH This Week

SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-38618 HIGH This Week

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Workforce Management
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-41579 HIGH This Week

LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal SCADA
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-41578 HIGH This Week

mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Mydesigner
NVD GitHub
CVSS 3.1
7.8
EPSS
10.4%
CVE-2021-41103 HIGH PATCH This Week

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Containerd Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-36051 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-38392 HIGH This Week

A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2021-41092 HIGH PATCH This Week

Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Command Line Interface Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41118 HIGH PATCH This Week

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Dynamicpagelist3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-41099 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service RCE Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-32687 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-32675 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Fedora Debian Linux Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.5
EPSS
15.8%
CVE-2021-32628 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-32627 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-23858 HIGH This Week

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexroth Indramotion Mlc L20 Firmware Rexroth Indramotion Mlc L40 Firmware Rexroth Indramotion Mlc L25 Firmware Rexroth Indramotion Mlc L45 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-23855 HIGH This Week

The user and password data base is exposed by an unprotected web server resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexroth Indramotion Xlc Firmware Rexroth Indramotion Mlc Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-41530 HIGH This Week

Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Next Generation Firewall
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-40325 HIGH PATCH This Week

Cobbler before 3.3.0 allows authorization bypass for modification of settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Cobbler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40324 HIGH PATCH This Week

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Cobbler
NVD GitHub
CVSS 3.1
7.5
EPSS
68.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy