Skip to main content
CVE-2021-42840 HIGH POC THREAT Act Now

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Suitecrm
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
58.9%
CVE-2021-42258 CRITICAL POC KEV THREAT Act Now

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Billquick Web Suite
NVD
CVSS 3.1
9.8
EPSS
73.3%
CVE-2021-42169 CRITICAL POC Act Now

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Payroll System With Dynamic Tax Bracket
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-41171 HIGH POC PATCH This Week

eLabFTW is an open source electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Elabftw
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-42836 HIGH POC PATCH This Week

GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Gjson
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-31682 MEDIUM POC THREAT This Month

The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webctrl
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
10.5%
CVE-2021-41745 CRITICAL PATCH Act Now

ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41744 CRITICAL Act Now

All versions of yongyou PLM are affected by a command injection issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ufida Product Lifecycle Management
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-38481 CRITICAL Act Now

The scheduler service running on a specific TCP port enables the user to start and stop jobs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Versiondog
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-38477 CRITICAL PATCH Act Now

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38459 CRITICAL PATCH Act Now

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-38457 CRITICAL PATCH Act Now

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38449 CRITICAL Act Now

Some API functions permit by-design writing or copying data into a given buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-36357 CRITICAL PATCH Act Now

An issue was discovered in OpenPOWER 2.6 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Skiboot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38471 CRITICAL PATCH Act Now

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Versiondog
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-38453 CRITICAL PATCH Act Now

Some API functions allow interaction with the registry, which includes reading values as well as data modification. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-42542 HIGH PATCH This Week

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Wireless 1410 Gateway Firmware Wireless 1410D Gateway Firmware Wireless 1420 Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-42540 HIGH PATCH This Week

The affected product is vulnerable to a unsanitized extract folder for system configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wireless 1410 Gateway Firmware Wireless 1410D Gateway Firmware Wireless 1420 Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-42539 HIGH PATCH This Week

The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Wireless 1410 Gateway Firmware Wireless 1410D Gateway Firmware Wireless 1420 Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-42538 HIGH PATCH This Week

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Wireless 1410 Gateway Firmware Wireless 1410D Gateway Firmware Wireless 1420 Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38485 HIGH PATCH This Week

The affected product is vulnerable to improper input validation in the restore file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wireless 1410 Gateway Firmware Wireless 1410D Gateway Firmware Wireless 1420 Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38475 HIGH PATCH This Week

The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Versiondog
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38473 HIGH PATCH This Week

The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Versiondog
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38461 HIGH PATCH This Week

The affected product uses a hard-coded blowfish key for encryption/decryption processes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2021-0870 HIGH PATCH This Week

In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Google Buffer Overflow RCE Race Condition Android
NVD
CVSS 3.1
8.1
EPSS
7.0%
CVE-2021-38467 HIGH PATCH This Week

A specific function code receives a raw pointer supplied by the user and deallocates this pointer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Versiondog
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-38463 HIGH PATCH This Week

The affected product does not properly control the allocation of resources. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Versiondog
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-30359 HIGH This Week

The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmony Browse Sandblast Agent For Browsers
NVD GitHub
CVSS 3.1
7.8
EPSS
3.9%
CVE-2021-0708 HIGH PATCH This Week

In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0705 HIGH PATCH This Week

In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0652 HIGH PATCH This Week

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0483 HIGH PATCH This Week

In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-38479 HIGH PATCH This Week

Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Versiondog
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-34362 HIGH This Week

A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Media Streaming Add On
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-38469 HIGH PATCH This Week

Many of the services used by the affected product do not specify full paths for the DLLs they are loading. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-0703 MEDIUM PATCH This Month

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2021-35230 MEDIUM This Month

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Kiwi Cattools
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-42536 MEDIUM PATCH This Month

The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Wireless 1410 Gateway Firmware Wireless 1410D Gateway Firmware Wireless 1420 Gateway Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-38465 MEDIUM PATCH This Month

The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Versiondog
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38455 MEDIUM PATCH This Month

The affected product’s OS Service does not verify any given parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-29835 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-42534 MEDIUM This Month

The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tracer Sc Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-41747 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Csdn App
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38451 MEDIUM PATCH This Month

The affected product’s proprietary protocol CSC allows for calling numerous function codes. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Versiondog
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-42556 MEDIUM This Month

Rasa X before 0.42.4 allows Directory Traversal during archive extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rasa X
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-0706 MEDIUM This Month

In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0702 MEDIUM PATCH This Month

In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0651 MEDIUM This Month

In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0643 MEDIUM This Month

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-31834 MEDIUM This Month

Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy