Skip to main content
CVE-2021-35491 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Streaming Engine
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-35504 HIGH POC This Week

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Filerun
NVD VulDB
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-42008 HIGH POC PATCH This Week

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel H300s Firmware +9
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-35505 HIGH POC This Week

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Filerun
NVD VulDB
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-39226 HIGH POC KEV PATCH THREAT This Week

Grafana is an open source data visualization platform. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Grafana Authentication Bypass Fedora
NVD GitHub
CVSS 3.1
7.3
EPSS
99.9%
CVE-2021-31988 HIGH This Week

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2016 Axis Os 2018 Axis Os 2020
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-3581 HIGH PATCH This Week

Buffer Access with Incorrect Length Value in zephyr. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-41113 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Typo3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-41554 HIGH This Week

ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Web Central
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-39867 HIGH This Week

In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Gitea
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-41286 HIGH This Week

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Multicash
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31987 HIGH This Week

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Axis Os Axis Os 2016 Axis Os 2018 Axis Os 2020
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-41124 HIGH PATCH This Week

Scrapy-splash is a library which provides Scrapy and JavaScript integration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Scrapy Splash
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-41120 HIGH PATCH This Week

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Paypal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3510 HIGH PATCH This Week

Zephyr JSON decoder incorrectly decodes array of array. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-35497 HIGH This Week

The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Docker Privilege Escalation Activespaces Eftl Ftl
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-39893 HIGH This Week

A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-41524 HIGH PATCH This Week

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Http Server Fedora Instantis Enterprisetrack +1
NVD
CVSS 3.1
7.5
EPSS
25.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy