Skip to main content
CVE-2021-23449 CRITICAL POC PATCH Act Now

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Vm2
NVD GitHub
CVSS 3.1
10.0
EPSS
3.5%
CVE-2021-42576 CRITICAL POC PATCH Act Now

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Bluemonday Pybluemonday
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-42575 CRITICAL POC PATCH Act Now

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Java Html Sanitizer Middleware Common Libraries And Tools Primavera Unifier
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-41153 CRITICAL PATCH Act Now

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Evm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-38389 CRITICAL Act Now

Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
10.4%
CVE-2021-33023 CRITICAL Act Now

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-22961 CRITICAL Act Now

A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Glasswire
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-38297 CRITICAL PATCH Act Now

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora
NVD
CVSS 3.1
9.8
EPSS
10.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy