Skip to main content
CVE-2021-42847 CRITICAL POC THREAT Emergency

Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Adaudit Plus
NVD
CVSS 3.1
9.8
EPSS
70.3%
CVE-2021-43397 HIGH POC This Week

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Liquidfiles
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-3907 CRITICAL PATCH Act Now

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Octorpki Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-43350 CRITICAL PATCH Act Now

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection LDAP Traffic Control
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-42002 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2021-41833 CRITICAL PATCH Act Now

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE Zoho File Upload Manageengine Patch Connect Plus
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2021-41081 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
63.1%
CVE-2021-41080 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-43573 CRITICAL Act Now

A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rtl8195Am Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-34422 CRITICAL Act Now

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal RCE Keybase
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2021-25980 HIGH PATCH This Week

In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Talkyard
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-3909 HIGH PATCH This Week

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3908 HIGH PATCH This Week

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-26558 HIGH This Week

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Shardingsphere Ui
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-34420 HIGH This Week

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jwt Attack Zoom Client For Meetings
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-34417 HIGH This Week

The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zoom On Premise Meeting Connector Controller Zoom On Premise Meeting Connector Mmr Zoom On Premise Recording Connector Zoom On Premise Virtual Room Connector +1
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-3912 MEDIUM PATCH This Month

OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-3911 MEDIUM PATCH This Month

If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-34419 MEDIUM This Month

In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu Code Injection Zoom Client For Meetings
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-34418 MEDIUM This Month

The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zoom On Premise Meeting Connector Controller Zoom On Premise Meeting Connector Mmr Zoom On Premise Recording Connector +2
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-3910 MEDIUM PATCH This Month

OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Octorpki Debian Linux Cloudflare
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.6%
CVE-2021-34421 MEDIUM This Month

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Keybase
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy