Skip to main content
CVE-2021-41653 CRITICAL POC THREAT Emergency

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.5%.

Code Injection TP-Link RCE Tl Wr840N Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
77.5%
Threat
5.8
CVE-2021-43616 CRITICAL POC PATCH Act Now

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure npm Next Generation Application Programming Interface Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-3918 CRITICAL POC PATCH Act Now

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Json Schema Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-3683 MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-3945 MEDIUM POC PATCH This Month

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XSS Django Helpdesk
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-38684 CRITICAL Act Now

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap RCE Memory Corruption Multimedia Console
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-3915 MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2021-3776 MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-3775 MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-3938 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3932 MEDIUM POC PATCH This Month

twill is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Twill
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-3931 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Snipe It
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-3921 MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-34357 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap XSS Qmailagent
NVD
CVSS 3.1
6.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy