Skip to main content
CVE-2021-42772 CRITICAL POC Act Now

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Broadcom Emulex Hba Manager One Command Manager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-41492 CRITICAL POC Act Now

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Cashiering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-43140 CRITICAL POC Act Now

SQL Injection vulnerability exists in Sourcecodester. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Subscription Website
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.7%
CVE-2021-23820 CRITICAL POC PATCH Act Now

This affects all versions of package json-pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Authentication Bypass Json Pointer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-23807 CRITICAL POC PATCH Act Now

This affects the package jsonpointer before 5.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Jsonpointer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-23624 CRITICAL POC PATCH Act Now

This affects the package dotty before 0.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Dotty
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-23509 CRITICAL POC PATCH Act Now

This affects the package json-ptr before 3.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Json Ptr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-43130 CRITICAL POC Act Now

An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Customer Relationship Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-43339 HIGH POC This Week

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson Command Injection Network Location
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
9.6%
CVE-2021-26786 HIGH POC This Week

An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Playtuber
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-36697 MEDIUM POC This Month

With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Pandora Fms
NVD VulDB
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-22960 MEDIUM POC PATCH This Month

The parse function in llhttp < 2.1.4 and < 6.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Llhttp Graalvm Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-38492 MEDIUM POC This Month

When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-43141 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Subscription Website
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-41174 MEDIUM POC PATCH THREAT This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Grafana XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
84.6%
CVE-2021-23784 MEDIUM POC PATCH This Month

This affects the package tempura before 0.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Tempura
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-23472 MEDIUM POC This Month

This affects versions before 1.19.1 of package bootstrap-table. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Authentication Bypass Bootstrap Table
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-43082 CRITICAL PATCH Act Now

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apache Traffic Server
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-40849 CRITICAL Act Now

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mahara
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-39238 CRITICAL Act Now

Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Futuresmart 3 Futuresmart 4 Futuresmart 5
NVD
CVSS 3.1
9.8
EPSS
12.1%
CVE-2021-41036 CRITICAL PATCH Act Now

In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Paho Mqtt C C Client
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-20704 CRITICAL Act Now

Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Clusterpro X Clusterpro X Singleserversafe +2
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20703 CRITICAL Act Now

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Clusterpro X Clusterpro X Singleserversafe +2
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20702 CRITICAL Act Now

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Clusterpro X Clusterpro X Singleserversafe +2
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20701 CRITICAL Act Now

Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Clusterpro X Clusterpro X Singleserversafe +2
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20700 CRITICAL Act Now

Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Clusterpro X Clusterpro X Singleserversafe +2
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-36698 MEDIUM POC This Month

Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pandora Fms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-40985 MEDIUM POC PATCH This Month

A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Htmldoc Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-43032 MEDIUM POC This Month

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xenforo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-38501 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-38500 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-38499 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38496 HIGH This Week

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-38495 HIGH This Week

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-38494 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 91. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38493 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-38161 HIGH PATCH This Week

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.0.0 to 8.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Apache Authentication Bypass Traffic Server Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-29993 HIGH This Week

Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-29991 HIGH This Week

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Request Smuggling Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-38424 HIGH This Week

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Dialink
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-38422 HIGH This Week

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dialink
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38420 HIGH This Week

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dialink
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38416 HIGH This Week

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dialink
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-40848 HIGH This Week

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Mahara
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-35053 HIGH This Week

Possible system denial of service in case of arbitrary changing Firefox browser parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Endpoint Security
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-33800 HIGH This Week

In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Druid
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41585 HIGH PATCH This Week

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-37149 HIGH PATCH This Week

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-37148 HIGH PATCH This Week

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-37147 HIGH PATCH This Week

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy