Skip to main content
CVE-2021-42057 HIGH POC PATCH This Week

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Obsidian Dataview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-42624 HIGH POC This Week

A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Miniftpd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-43396 HIGH POC PATCH This Week

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Glibc Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function +3
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-21695 HIGH PATCH This Week

FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-21686 HIGH PATCH This Week

File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-34739 HIGH This Week

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Authentication Bypass Sf250 24 Firmware Sf250 24P Firmware Sf250 48 Firmware +206
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-40124 HIGH This Week

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34597 HIGH This Week

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pc Worx Pc Worx Express
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-41247 HIGH PATCH This Week

JupyterHub is an open source multi-user server for Jupyter notebooks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyterhub
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-21698 HIGH PATCH This Week

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal Subversion
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-21688 HIGH PATCH This Week

The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40112 HIGH PATCH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Command Injection Authentication Bypass Catalyst Pon Switch Cgp Ont 1P Firmware Catalyst Pon Switch Cgp Ont 4P Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-34741 HIGH This Week

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Asyncos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-43281 HIGH PATCH This Week

MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Code Injection Mybb
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-40120 HIGH This Week

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Code Injection Ios Xr Application Extension Platform
NVD
CVSS 3.1
7.2
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy