Skip to main content
CVE-2021-31627 HIGH POC This Week

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda Ac9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-31624 HIGH POC This Week

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-41645 HIGH POC This Week

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Budget And Expense Tracker System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-39179 HIGH POC PATCH This Week

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Dhis 2
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-41746 HIGH POC This Week

SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Turbocrm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41189 HIGH POC PATCH This Week

DSpace is an open source turnkey repository application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dspace
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-41675 HIGH POC This Week

A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload E Negosyo System
NVD GitHub
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-25742 HIGH POC This Week

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Ingress Nginx Trident
NVD GitHub
CVSS 3.1
7.1
EPSS
1.8%
CVE-2021-22038 HIGH This Week

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-1118 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Privilege Escalation Nvidia Virtual Gpu
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22037 HIGH This Week

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-41186 HIGH PATCH This Week

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Fluentd
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-1119 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Virtual Gpu
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-1120 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure Virtual Gpu
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy