Skip to main content
CVE-2021-43339 HIGH POC This Week

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson Command Injection Network Location
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
9.6%
CVE-2021-26786 HIGH POC This Week

An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Playtuber
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-38501 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-38500 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-38499 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38496 HIGH This Week

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-38495 HIGH This Week

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-38494 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 91. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38493 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-38161 HIGH PATCH This Week

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.0.0 to 8.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Apache Authentication Bypass Traffic Server Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-29993 HIGH This Week

Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-29991 HIGH This Week

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Request Smuggling Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-38424 HIGH This Week

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Dialink
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-38422 HIGH This Week

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dialink
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38420 HIGH This Week

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dialink
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38416 HIGH This Week

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dialink
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-40848 HIGH This Week

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Mahara
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-35053 HIGH This Week

Possible system denial of service in case of arbitrary changing Firefox browser parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Endpoint Security
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-33800 HIGH This Week

In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Druid
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41585 HIGH PATCH This Week

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-37149 HIGH PATCH This Week

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-37148 HIGH PATCH This Week

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-37147 HIGH PATCH This Week

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-41312 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Atlassian Authentication Bypass Data Center Jira
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-38498 HIGH This Week

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20707 HIGH This Week

Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Clusterpro X Clusterpro X Singleserversafe Expresscluster X +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20706 HIGH This Week

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft File Upload Clusterpro X Clusterpro X Singleserversafe Expresscluster X +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20705 HIGH This Week

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft File Upload Clusterpro X Clusterpro X Singleserversafe Expresscluster X +1
NVD
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy