Skip to main content
CVE-2021-23452 CRITICAL POC Act Now

This affects all versions of package x-assign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure X Assign
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-42771 HIGH POC PATCH This Week

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python Path Traversal RCE Babel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-41167 HIGH POC PATCH This Week

modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Modern Async
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41135 MEDIUM POC PATCH This Month

The Cosmos-SDK is a framework for building blockchain applications in Golang. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Cosmos Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-35652 CRITICAL PATCH Act Now

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Essbase Administration Services
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2021-41163 CRITICAL PATCH Act Now

Discourse is an open source platform for community discussion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Discourse
NVD GitHub
CVSS 3.1
9.8
EPSS
19.8%
CVE-2021-21749 CRITICAL Act Now

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zte Memory Corruption RCE Mf971R Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-21748 CRITICAL Act Now

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zte Memory Corruption RCE Mf971R Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-35617 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-42762 MEDIUM POC This Month

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Webkitgtk Wpe Webkit Fedora +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-42766 CRITICAL Act Now

The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Proof Of Stake Ethereum
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2021-42764 CRITICAL Act Now

The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Proof Of Stake Ethereum
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2021-30304 CRITICAL Act Now

Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Qca2062 Firmware Qca2064 Firmware +11
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-1980 CRITICAL PATCH Act Now

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Apq8064au Firmware +217
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-1977 CRITICAL PATCH Act Now

Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +126
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-25970 HIGH PATCH This Week

Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Camaleon Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-2137 HIGH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Enterprise Manager Base Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-35651 HIGH PATCH This Week

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Essbase Administration Services
NVD
CVSS 3.1
8.5
EPSS
1.0%
CVE-2021-1949 HIGH This Week

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8009W Firmware +137
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-1932 HIGH This Week

Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Authentication Bypass Aqt1000 Firmware Ar8035 Firmware Qca6390 Firmware +61
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-1917 HIGH This Week

Null pointer dereference can occur due to memory allocation failure in DIAG in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Qualcomm Denial Of Service Apq8017 Firmware Apq8053 Firmware +82
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-1913 HIGH This Week

Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Aqt1000 Firmware Ar8035 Firmware +79
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-21745 MEDIUM POC THREAT This Month

ZTE MF971R product has a Referer authentication bypass vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Authentication Bypass Mf971R Firmware
NVD
CVSS 3.1
4.3
EPSS
55.7%
CVE-2021-2461 HIGH This Week

Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Provision API). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Communications Interactive Session Recorder
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2021-35599 HIGH PATCH This Week

Vulnerability in the Zero Downtime DB Migration to Cloud component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Zero Downtime Db Migration To Cloud
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2021-35585 HIGH PATCH This Week

Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Incentive Compensation
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-35570 HIGH PATCH This Week

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Admin UI). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mobile Field Service
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-35566 HIGH PATCH This Week

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Applications Manager
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-35563 HIGH PATCH This Week

Vulnerability in the Oracle Shipping Execution product of Oracle E-Business Suite (component: Workflow Events). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Shipping Execution
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-35562 HIGH PATCH This Week

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Universal Work Queue
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-35543 HIGH This Week

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Cost Center Common Application Objects
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-35536 HIGH This Week

Vulnerability in the Oracle Deal Management product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Deal Management
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-2485 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2484 HIGH This Week

Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite (component: BIS Operations Intelligence). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Operations Intelligence
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2483 HIGH This Week

Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content Item Manager). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Content Manager
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2482 HIGH This Week

Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: Invoice Approvals). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Payables
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-2474 HIGH This Week

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite (component: Admin). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Web Analytics
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-35538 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-30316 HIGH PATCH This Week

Possible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Ar8031 Firmware Csra6620 Firmware Csra6640 Firmware +74
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30315 HIGH PATCH This Week

Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Qualcomm Memory Corruption Denial Of Service Mdm9628 Firmware +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30305 HIGH PATCH This Week

Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Qca6174a Firmware Qca6391 Firmware Qca6574 Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-30292 HIGH This Week

Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8053 Firmware +89
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30291 HIGH This Week

Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8053 Firmware +88
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30288 HIGH This Week

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8053 Firmware +194
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30258 HIGH This Week

Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8053 Firmware +95
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30257 HIGH This Week

Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8017 Firmware Apq8053 Firmware +75
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30256 HIGH This Week

Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8053 Firmware +75
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1984 HIGH This Week

Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8064au Firmware +92
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1983 HIGH This Week

Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8064au Firmware +92
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1959 HIGH This Week

Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8009W Firmware +186
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy