Skip to main content
CVE-2021-21940 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Eufy Homebase 2 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2021-3323 CRITICAL POC Act Now

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-42325 CRITICAL POC PATCH THREAT Act Now

Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Froxlor
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
11.8%
CVE-2021-40618 CRITICAL POC Act Now

An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-21941 CRITICAL POC Act Now

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Eufy Homebase 2 Firmware
NVD
CVSS 3.1
9.0
EPSS
1.6%
CVE-2021-3330 HIGH POC This Week

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-3321 HIGH POC This Week

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-3322 MEDIUM POC This Month

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20031 MEDIUM POC THREAT This Month

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Sonicos
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
13.0%
CVE-2021-38454 CRITICAL Act Now

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Mxview
NVD
CVSS 3.1
10.0
EPSS
15.8%
CVE-2021-29644 CRITICAL Act Now

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE It Operations Director Job Management Partner 1 It Desktop Management Manager Job Management Partner 1 It Desktop Management 2 Manager +11
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-40499 CRITICAL Act Now

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Code Injection Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38180 CRITICAL Act Now

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Business One
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-37726 CRITICAL Act Now

A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-38458 CRITICAL Act Now

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mxview
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-38456 CRITICAL Act Now

A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mxview
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-40292 MEDIUM POC This Month

A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dzzoffice
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38452 CRITICAL Act Now

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mxview
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-33725 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-33724 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-35495 HIGH This Week

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jasperreports Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38178 HIGH This Week

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-33729 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-39184 HIGH PATCH This Week

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
8.6
EPSS
1.0%
CVE-2021-27395 HIGH This Week

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Simatic Process Historian 2013 Simatic Process Historian 2014 Simatic Process Historian 2019 Simatic Process Historian 2020
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-29645 HIGH This Week

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation It Operations Director Job Management Partner 1 It Desktop Management Manager Job Management Partner 1 It Desktop Management 2 Manager +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38862 HIGH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-35496 HIGH This Week

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft XXE Jasperreports Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-40500 HIGH This Week

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-38181 HIGH This Week

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38460 HIGH This Week

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mxview
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-25634 HIGH This Week

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-41546 HIGH This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Rx1500 Firmware Ruggedcom Rox Rx1501 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37199 HIGH This Week

A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sinumerik 808D Firmware Sinumerik 828D Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33726 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-37732 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below;. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-37730 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below;. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-37727 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-33736 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-33735 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-33734 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33733 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
15.4%
CVE-2021-33732 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33731 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
46.6%
CVE-2021-33730 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33728 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-38915 MEDIUM This Month

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3671 MEDIUM PATCH This Month

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba Debian Linux Management Services For Element Software +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-37734 MEDIUM PATCH This Month

A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-33727 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sinec Nms
NVD
CVSS 3.1
6.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy