Skip to main content
CVE-2021-3330 HIGH POC This Week

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-3321 HIGH POC This Week

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-35495 HIGH This Week

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jasperreports Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38178 HIGH This Week

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-33729 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-39184 HIGH PATCH This Week

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
8.6
EPSS
1.0%
CVE-2021-27395 HIGH This Week

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Simatic Process Historian 2013 Simatic Process Historian 2014 Simatic Process Historian 2019 Simatic Process Historian 2020
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-29645 HIGH This Week

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation It Operations Director Job Management Partner 1 It Desktop Management Manager Job Management Partner 1 It Desktop Management 2 Manager +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38862 HIGH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-35496 HIGH This Week

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft XXE Jasperreports Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-40500 HIGH This Week

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-38181 HIGH This Week

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38460 HIGH This Week

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mxview
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-25634 HIGH This Week

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-41546 HIGH This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Rx1500 Firmware Ruggedcom Rox Rx1501 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37199 HIGH This Week

A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sinumerik 808D Firmware Sinumerik 828D Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33726 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-37732 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below;. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-37730 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below;. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-37727 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-33736 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-33735 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-33734 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33733 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
15.4%
CVE-2021-33732 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33731 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
46.6%
CVE-2021-33730 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33728 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy