Skip to main content
CVE-2021-42013 CRITICAL POC KEV PATCH THREAT Act Now

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE Http Server Fedora +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-42071 CRITICAL POC THREAT Act Now

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dvr Vx16 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
69.9%
CVE-2021-32172 CRITICAL POC THREAT Act Now

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Maian Cart
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
66.4%
CVE-2021-35067 HIGH POC This Week

Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Msg100 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-41794 HIGH POC This Week

ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Open5gs
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-40978 HIGH POC PATCH THREAT This Week

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mkdocs
NVD GitHub
CVSS 3.1
7.5
EPSS
14.8%
CVE-2021-42054 HIGH POC This Week

ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Accel Ppp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-41115 MEDIUM POC PATCH This Month

Zulip is an open source team chat server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Zulip
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-23447 MEDIUM POC PATCH This Month

This affects the package teddy before 0.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Teddy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38298 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XXE Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-42090 CRITICAL Act Now

An issue was discovered in Zammad before 4.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Zammad
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-42094 CRITICAL Act Now

An issue was discovered in Zammad before 4.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Zammad
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-3833 CRITICAL Act Now

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integria Ims
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-37931 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37930 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37929 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37928 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37926 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2021-37924 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37923 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37921 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37920 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37919 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37918 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2021-37762 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2021-3832 CRITICAL Act Now

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Integria Ims
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-22958 CRITICAL PATCH Act Now

A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-22930 CRITICAL PATCH Act Now

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption Use After Free Node.js +4
NVD
CVSS 3.1
9.8
EPSS
37.3%
CVE-2021-42053 MEDIUM POC PATCH This Month

The Unicorn framework through 0.35.3 for Django allows XSS via component.name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python XSS Unicorn
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2021-42091 CRITICAL Act Now

An issue was discovered in Zammad before 4.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF Zammad
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-42086 HIGH This Week

An issue was discovered in Zammad before 4.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-20489 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling File Gateway
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-33903 HIGH This Week

In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lcos
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-28661 MEDIUM POC PATCH This Month

Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Silverstripe
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-40726 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat Dc +1
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2021-40725 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat Dc +1
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2021-28129 HIGH This Week

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apache Authentication Bypass Openoffice
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-26557 HIGH This Week

When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tentacle
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26556 HIGH This Week

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy Octopus Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-42095 HIGH This Week

Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xshell
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-42089 HIGH This Week

An issue was discovered in Zammad before 4.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20584 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-41770 HIGH This Week

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Pingfederate
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-42093 HIGH This Week

An issue was discovered in Zammad before 4.1.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-42084 MEDIUM This Month

An issue was discovered in Zammad before 4.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zammad
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20473 MEDIUM PATCH This Month

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20375 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-40439 MEDIUM This Month

Apache OpenOffice has a dependency on expat software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service XXE Openoffice
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2021-41865 MEDIUM This Month

HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Nomad
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-42088 MEDIUM This Month

An issue was discovered in Zammad before 4.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.1
6.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy