Skip to main content
CVE-2021-42109 CRITICAL POC Act Now

VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Exterity Avediaserver Exterity Avediastream Encoders Firmware Avediastream M9605 Firmware Avediastream M9400 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-37972 HIGH POC This Week

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-37970 HIGH POC This Week

Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-30625 HIGH POC THREAT This Week

Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
10.1%
CVE-2021-41919 HIGH POC This Week

webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Webtareas
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-41916 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Webtareas
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-41920 HIGH POC This Week

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Webtareas
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-41947 HIGH POC This Week

A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Subrion Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-37976 MEDIUM POC KEV THREAT This Month

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
19.9%
CVE-2021-3312 MEDIUM POC PATCH This Month

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Opencms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-42112 MEDIUM POC PATCH This Month

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-41566 CRITICAL Act Now

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Tadtools
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-36767 CRITICAL Act Now

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Realport Connectport Ts 8 16 Firmware Connectport Lts 8 16 32 Firmware Passport Integrated Console Server Firmware +15
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-35977 CRITICAL Act Now

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Realport Connectport Ts 8 16 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37973 CRITICAL KEV PATCH THREAT Act Now

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
11.7%
CVE-2021-30633 CRITICAL KEV THREAT Act Now

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
32.7%
CVE-2021-41918 MEDIUM POC This Month

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webtareas
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41917 MEDIUM POC This Month

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Webtareas
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41825 MEDIUM POC This Month

Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Workforce Optimization
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-41975 CRITICAL Act Now

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tadtools
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-41974 CRITICAL Act Now

Tad Book3 editing book page does not perform identity verification. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tad Book3
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-37975 HIGH KEV THREAT This Week

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
34.9%
CVE-2021-37974 HIGH This Week

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-37962 HIGH This Week

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-37961 HIGH This Week

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-37959 HIGH This Week

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-37957 HIGH This Week

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-37956 HIGH This Week

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30632 HIGH KEV THREAT This Week

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
64.5%
CVE-2021-30629 HIGH This Week

Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-30628 HIGH This Week

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-30627 HIGH This Week

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-30626 HIGH This Week

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-37971 MEDIUM POC This Month

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-35979 HIGH This Week

An issue was discovered in Digi RealPort through 4.8.488.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Realport Connectport Ts 8 16 Firmware Connectport Lts 8 16 32 Firmware Passport Integrated Console Server Firmware +14
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-37969 HIGH This Week

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Privilege Escalation Chrome Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-41133 HIGH PATCH This Week

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Flatpak Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25270 MEDIUM This Month

A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Hitmanpro Alert
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-32029 MEDIUM PATCH This Month

A flaw was found in postgresql. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PostgreSQL Information Disclosure Jboss Enterprise Application Platform
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-41568 MEDIUM This Month

Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tad Web
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-41564 MEDIUM This Month

Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tad Honor
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-40832 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant Cloud Protection For Salesforce Elements For Microsoft 365 Internet Gatekeeper +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-33603 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant Cloud Protection For Salesforce Elements For Microsoft 365 Internet Gatekeeper +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-41567 MEDIUM This Month

The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tad Uploader
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-41565 MEDIUM This Month

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tadtools
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-41563 MEDIUM This Month

Tad Book3 editing book function does not filter special characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tad Book3
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-25271 MEDIUM This Month

A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hitmanpro
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-20600 MEDIUM This Month

Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service R12Ccpu V Firmware
NVD
CVSS 3.1
5.9
EPSS
2.2%
CVE-2021-29906 MEDIUM This Month

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure App Connect Enterprise Certified Container
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-37958 MEDIUM This Month

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Code Injection Chrome Fedora +1
NVD
CVSS 3.1
5.4
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy