Skip to main content
CVE-2021-41269 CRITICAL POC PATCH Act Now

cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Java Cron Utils
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-41266 CRITICAL POC PATCH THREAT Act Now

Minio console is a graphical user interface for the for MinIO operator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Minio Console
NVD GitHub
CVSS 3.1
9.8
EPSS
46.7%
CVE-2021-42580 CRITICAL POC Act Now

Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP File Upload Authentication Bypass Online Learning System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
10.0%
CVE-2021-41765 CRITICAL POC THREAT Act Now

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Resourcespace
NVD
CVSS 3.1
9.8
EPSS
67.8%
CVE-2021-41950 CRITICAL POC THREAT Act Now

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Resourcespace
NVD
CVSS 3.1
9.1
EPSS
74.9%
CVE-2021-43495 HIGH POC This Week

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Alquist
NVD GitHub
CVSS 3.1
7.5
EPSS
9.1%
CVE-2021-43620 HIGH POC PATCH This Week

An issue was discovered in the fruity crate through 0.2.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fruity
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-43618 HIGH POC PATCH This Week

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Gmp Debian Linux Active Iq Unified Manager +5
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-22959 MEDIUM POC PATCH This Month

The parser in accepts requests with a space (SP) right after the header name before the colon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Llhttp Graalvm Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2021-41951 MEDIUM POC THREAT This Month

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Resourcespace
NVD
CVSS 3.1
6.1
EPSS
77.9%
CVE-2021-43574 MEDIUM POC This Month

WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atmail
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2021-42377 CRITICAL Act Now

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-42374 MEDIUM POC This Month

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Busybox Fedora +10
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-41263 HIGH PATCH This Week

rails_multisite provides multi-db support for Rails applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Rails Multisite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-34992 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE C1 Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-34991 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE Ex3700 Firmware +43
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2021-42839 HIGH This Week

Grand Vice info Co. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Webopac
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-42706 HIGH This Week

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-38984 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-38983 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-38979 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-42386 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-42385 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-42384 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-42383 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-42382 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-42381 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-42380 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-42379 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-42378 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-41244 HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure
NVD GitHub
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-38975 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-38974 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-41289 MEDIUM This Month

ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Buffer Overflow P453Uj Bios
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2021-39222 MEDIUM This Month

Nextcloud is an open-source, self-hosted productivity platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud XSS Talk
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-42703 MEDIUM This Month

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webaccess Hmi Designer
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-42838 MEDIUM This Month

Grand Vice info Co. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webopac
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38978 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-42376 MEDIUM This Month

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42375 MEDIUM This Month

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Busybox Fedora Cloud Backup Hci Management Node +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42373 MEDIUM This Month

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-38976 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38982 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41271 MEDIUM PATCH This Month

Discourse is a platform for community discussion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-38981 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-38977 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy