Skip to main content
CVE-2021-3901 HIGH POC PATCH This Week

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-37221 HIGH POC This Week

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Customer Relationship Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-37803 HIGH POC This Week

An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php . Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi PHP Online Covid Vaccination Scheduler System
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-3903 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-37807 HIGH POC This Week

An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shopping Portal
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3906 MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-3900 MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-37808 MEDIUM POC This Month

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi News Portal
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2021-37806 MEDIUM POC This Month

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Vehicle Parking Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2021-41589 CRITICAL Act Now

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Build Cache Node Enterprise
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-3904 MEDIUM POC PATCH This Month

grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37805 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Vehicle Parking Management System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29844 HIGH PATCH This Week

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Engineering Lifecycle Optimization Engineering Requirements Quality Assistant On Premises Engineering Workflow Management +4
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-38450 HIGH This Week

The affected controllers do not properly sanitize the input containing code syntax. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Tracer Concierge Tracer Sc Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-26610 HIGH This Week

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Godomall5
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-34793 HIGH This Week

A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2021-34762 HIGH This Week

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Firepower Management Center Virtual Appliance Firepower Threat Defense Sourcefire Defense Center
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-34756 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Management Center Virtual Appliance Firepower Threat Defense Sourcefire Defense Center
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-34755 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Management Center Virtual Appliance Firepower Threat Defense Sourcefire Defense Center
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-41191 HIGH PATCH This Week

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Roblox Purchasing Hub
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40118 HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Stack Overflow Adaptive Security Appliance +10
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40117 HIGH This Week

A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense +9
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-40116 HIGH This Week

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Secure Firewall Management Center Snort
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40114 HIGH This Week

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Secure Firewall Management Center Unified Threat Defense +1
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-34792 HIGH This Week

A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Adaptive Security Appliance Software Asa 5512 X Firmware +7
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-34783 HIGH This Week

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-34781 HIGH This Week

A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Firepower Management Center Virtual Appliance Firepower Threat Defense +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-34754 HIGH This Week

Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29774 HIGH PATCH This Week

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-22101 HIGH This Week

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capi Release Cf Deployment
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-41872 HIGH This Week

Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Penguin Aurora Box 41502 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-34580 HIGH This Week

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-37130 HIGH PATCH This Week

There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Huawei Path Traversal Fusioncube Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-37129 HIGH This Week

There is an out of bounds write vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Huawei Memory Corruption Ips Module Firmware +10
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-41619 HIGH This Week

An issue was discovered in Gradle Enterprise before 2021.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Enterprise
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-37127 HIGH This Week

There is a signature management vulnerability in some huawei products. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Jwt Attack Imanager Neteco 6000 Firmware Imanager Neteco Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-37131 MEDIUM PATCH This Month

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Manageone Imanager Neteco Imanager Neteco 6000
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-1115 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Microsoft Denial Of Service Nvidia Gpu Display Driver
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-40125 MEDIUM This Month

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft Memory Corruption Use After Free Denial Of Service +10
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-29786 MEDIUM PATCH This Month

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-36756 MEDIUM PATCH This Month

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cfengine
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-37124 MEDIUM This Month

There is a path traversal vulnerability in Huawei PC product. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Path Traversal Pc Smart Full Scene Pcmanager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-37122 MEDIUM This Month

There is a use-after-free (UAF) vulnerability in Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Cloudengine 12800 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-34764 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect XSS Firepower Management Center Virtual Appliance Firepower Threat Defense +1
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-34761 MEDIUM This Month

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Management Center Virtual Appliance Firepower Threat Defense Sourcefire Defense Center
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-1117 MEDIUM This Month

Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1116 MEDIUM This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Nvidia Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29868 MEDIUM PATCH This Month

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure I2 Ibase
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38379 MEDIUM This Month

The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Cfengine
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29713 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization Rational Collaborative Lifecycle Management Rational Doors Next Generation +2
NVD
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy