Skip to main content
CVE-2021-35067 HIGH POC This Week

Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Msg100 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-41794 HIGH POC This Week

ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Open5gs
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-40978 HIGH POC PATCH THREAT This Week

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mkdocs
NVD GitHub
CVSS 3.1
7.5
EPSS
14.8%
CVE-2021-42054 HIGH POC This Week

ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Accel Ppp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-42086 HIGH This Week

An issue was discovered in Zammad before 4.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-20489 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling File Gateway
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-33903 HIGH This Week

In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lcos
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-40726 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat Dc +1
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2021-40725 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Acrobat Dc +1
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2021-28129 HIGH This Week

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apache Authentication Bypass Openoffice
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-26557 HIGH This Week

When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tentacle
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26556 HIGH This Week

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy Octopus Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-42095 HIGH This Week

Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xshell
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-42089 HIGH This Week

An issue was discovered in Zammad before 4.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20584 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-41770 HIGH This Week

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Pingfederate
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-42093 HIGH This Week

An issue was discovered in Zammad before 4.1.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
7.2
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy