Skip to main content
CVE-2021-36908 HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wp Reset Pro
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-36909 HIGH POC This Week

Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Reset Pro
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2021-37322 HIGH POC This Week

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Binutils Gcc
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-39928 HIGH POC This Week

NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2021-39920 HIGH POC This Week

NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Fedora
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-43667 HIGH POC PATCH This Week

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Fabric
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-27023 CRITICAL PATCH Act Now

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Agent Puppet Enterprise Puppet Server Fedora
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-23162 HIGH This Week

Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Command Centre Mobile Connect
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-35535 HIGH This Week

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Relion 670 Firmware Relion 650 Firmware Relion Sam600 Io Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-27024 HIGH This Week

A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Continuous Delivery
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-23197 HIGH This Week

Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Centre
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-42524 HIGH This Week

Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2021-42272 HIGH This Week

Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2021-42271 HIGH This Week

Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2021-42270 HIGH This Week

Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2021-42269 HIGH This Week

Adobe Animate version 21.0.9 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Adobe Animate
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2021-42267 HIGH This Week

Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Animate
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2021-42266 HIGH This Week

Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Animate
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-40760 HIGH PATCH This Week

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-40759 HIGH PATCH This Week

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-40758 HIGH PATCH This Week

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-40757 HIGH PATCH This Week

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-40755 HIGH PATCH This Week

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SGI file in the DoReadContinue function, potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-40754 HIGH PATCH This Week

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2021-40753 HIGH PATCH This Week

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2021-40752 HIGH PATCH This Week

Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2021-40751 HIGH PATCH This Week

Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe After Effects
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2021-40733 HIGH PATCH This Week

Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .psd file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2021-23146 HIGH This Week

An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-43669 HIGH PATCH This Week

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Fabric
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-35534 HIGH This Week

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gms600 Firmware Relion 670 Firmware Relion 650 Firmware Relion Sam600 Io Firmware +1
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-23167 MEDIUM This Month

Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-23155 MEDIUM This Month

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Command Centre Mobile Client
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-0671 MEDIUM This Month

In apusys, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0670 MEDIUM This Month

In apusys, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0669 MEDIUM This Month

In apusys, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0668 MEDIUM This Month

In apusys, there is a possible memory corruption due to incorrect error handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0667 MEDIUM This Month

In apusys, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0664 MEDIUM This Month

In ccu, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0658 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0657 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0656 MEDIUM This Month

In edma driver, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0655 MEDIUM This Month

In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0629 MEDIUM This Month

In mdlactl driver, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-23193 MEDIUM This Month

Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-27025 MEDIUM PATCH This Month

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Puppet Puppet Agent Puppet Enterprise Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-42268 MEDIUM This Month

Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe Animate
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2021-40761 MEDIUM PATCH This Month

Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe After Effects
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-40756 MEDIUM PATCH This Month

Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe After Effects
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-43668 MEDIUM This Month

Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy