Skip to main content
CVE-2021-36548 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Monstra
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-36547 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Mara Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-37915 HIGH POC This Week

An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ht801 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-37748 HIGH POC This Week

Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Ht801 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
7.3%
CVE-2021-43057 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.14.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Buffer Overflow Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-3745 MEDIUM POC PATCH This Month

flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

File Upload Flatcore Cms
NVD GitHub
CVSS 3.1
6.6
EPSS
1.1%
CVE-2021-41194 CRITICAL PATCH Act Now

FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass First Use Authenticator
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-3823 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Gravityzone
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-37002 CRITICAL Act Now

There is a Memory out-of-bounds access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-36990 CRITICAL Act Now

There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-36989 CRITICAL Act Now

There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-36986 CRITICAL Act Now

There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-22474 CRITICAL Act Now

There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-22403 CRITICAL Act Now

There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-36551 MEDIUM POC This Month

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36550 MEDIUM POC This Month

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22436 CRITICAL Act Now

There is a Logic Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-30818 HIGH This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-30809 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Use After Free Denial Of Service +6
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-23546 HIGH This Week

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Irfanview
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-30840 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-30834 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-30824 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Mac Os X +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-30821 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-30814 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-3579 HIGH This Week

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security Tools Total Security
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-3576 HIGH This Week

Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security Tools Total Security
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-36999 HIGH This Week

There is a Buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei RCE Emui Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-22470 HIGH This Week

A component of the HarmonyOS has a Privileges Controls vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22458 HIGH This Week

A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22451 HIGH This Week

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22044 HIGH PATCH This Week

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Cloud Openfeign
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-37254 HIGH This Week

In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Files Web
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-37001 HIGH This Week

There is a Register tampering vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow the register value to be modified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-36995 HIGH This Week

There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-36993 HIGH This Week

There is a Memory leaks vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-36992 HIGH This Week

There is a Public key verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-36991 HIGH This Week

There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-36988 HIGH This Week

There is a Parameter verification issue in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-36985 HIGH This Week

There is a Code injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Code Injection Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22491 HIGH This Week

There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22488 HIGH This Week

There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22487 HIGH This Week

There is an Out-of-bounds read vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22486 HIGH This Week

There is a issue of Unstandardized field names in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22485 HIGH This Week

There is a SSID vulnerability with Wi-Fi network connections in Huawei devices.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22483 HIGH This Week

There is a issue of IP address spoofing in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22481 HIGH This Week

There is a Verification errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22473 HIGH This Week

There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22472 HIGH This Week

There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22406 HIGH This Week

There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy