Skip to main content
CVE-2021-3858 HIGH POC PATCH This Week

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Snipe It
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-3846 HIGH POC PATCH This Week

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Firefly Iii
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-41131 HIGH POC PATCH This Week

python-tuf is a Python reference implementation of The Update Framework (TUF). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Path Traversal The Update Framework
NVD GitHub
CVSS 3.1
8.7
EPSS
1.4%
CVE-2021-3889 HIGH POC PATCH This Week

libmobi is vulnerable to Use of Out-of-range Pointer Offset. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Libmobi
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-3888 HIGH POC PATCH This Week

libmobi is vulnerable to Use of Out-of-range Pointer Offset. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Libmobi
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-3872 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-3455 HIGH POC This Week

Disconnecting L2CAP channel right after invalid ATT request leads freeze. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-31379 HIGH POC This Week

An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-31353 HIGH POC This Week

An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-3869 HIGH POC PATCH This Week

corenlp is vulnerable to Improper Restriction of XML External Entity Reference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Corenlp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-35323 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.6%
CVE-2021-33988 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-3863 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31384 CRITICAL Act Now

Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
10.0
EPSS
1.1%
CVE-2021-31349 CRITICAL Act Now

The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Juniper Authentication Bypass 128 Technology Session Smart Router Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-30820 CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-38474 CRITICAL Act Now

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ir615 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-38462 CRITICAL Act Now

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Ir615 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-3879 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-3851 MEDIUM POC PATCH This Month

firefly-iii is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Open Redirect Firefly Iii
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-31352 MEDIUM POC This Month

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Juniper Session And Resource Control
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-31381 CRITICAL PATCH Act Now

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Juniper Session And Resource Control
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-38478 CRITICAL Act Now

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ir615 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-38470 CRITICAL Act Now

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ir615 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-31382 CRITICAL Act Now

On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Juniper Junos
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2021-31385 HIGH This Week

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Juniper Junos
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-31372 HIGH This Week

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-31354 HIGH This Week

An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Juniper Information Disclosure Denial Of Service +2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-31350 HIGH PATCH This Week

An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-39355 MEDIUM POC This Month

The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Indeed Job Importer
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-39343 MEDIUM POC This Month

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Mpl Publisher
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-39329 MEDIUM POC This Month

The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Jobboardwp
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-38480 HIGH This Week

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ir615 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-38486 HIGH This Week

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ir615 Firmware
NVD
CVSS 3.1
8.5
EPSS
0.8%
CVE-2021-41149 HIGH PATCH This Week

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tough
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-31359 HIGH This Week

A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Juniper Privilege Escalation Stack Overflow Denial Of Service +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31358 HIGH This Week

A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-31357 HIGH This Week

A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-31356 HIGH This Week

A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-30849 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Microsoft Memory Corruption +7
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-30848 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Safari +3
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-30847 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft RCE Itunes Ipados +5
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-30846 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Safari +7
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-30843 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-30842 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-30841 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-30838 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-30837 HIGH This Week

A memory consumption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Tvos
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-30835 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft RCE Itunes Ipados +5
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2021-30832 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy