Skip to main content
CVE-2021-23433 CRITICAL POC PATCH Act Now

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Algoliasearch Helper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-40391 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gerbv Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-21898 HIGH POC This Week

A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libdxfrw Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-21900 HIGH POC This Week

A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Libdxfrw Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-21899 HIGH POC This Week

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libdxfrw Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-43408 HIGH POC This Week

The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Duplicate Post
NVD
CVSS 3.1
8.8
EPSS
9.5%
CVE-2021-22053 HIGH POC PATCH THREAT This Week

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Spring Cloud Netflix
NVD
CVSS 3.1
8.8
EPSS
13.0%
CVE-2021-39236 HIGH POC PATCH This Week

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-3968 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2021-44038 HIGH POC This Week

An issue was discovered in Quagga through 1.2.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Quagga
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-29329 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29327 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29326 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29325 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29324 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-3973 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-3974 HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-41569 HIGH POC This Week

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sas Intrnet
NVD
CVSS 3.1
7.5
EPSS
7.8%
CVE-2021-39929 HIGH POC This Week

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-39926 HIGH POC This Week

Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
7.5%
CVE-2021-39925 HIGH POC This Week

Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2021-39924 HIGH POC This Week

Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2021-39922 HIGH POC This Week

Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2021-39921 HIGH POC This Week

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-22968 HIGH POC PATCH This Week

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP File Upload Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-29328 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Moddable
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-41435 CRITICAL Act Now

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gt Ax11000 Firmware Rt Ax3000 Firmware Rt Ax55 Firmware Rt Ax56U Firmware +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-44033 MEDIUM POC This Month

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Authentication Bypass Identity Vault
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-3976 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Kimai 2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-43409 MEDIUM POC This Month

The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Information Disclosure Wordpress Azure Ad Microsoft Office 365
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-42363 MEDIUM POC PATCH This Month

The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS PHP Preview E Mails For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-41280 CRITICAL PATCH Act Now

Sharetribe Go is a source available marketplace software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Sharetribe
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-37592 CRITICAL Act Now

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Suricata Memory Corruption
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-36372 CRITICAL PATCH Act Now

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Ozone
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-42338 CRITICAL Act Now

4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gcb Doctor
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-44026 CRITICAL KEV PATCH THREAT Act Now

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
42.8%
CVE-2021-29323 MEDIUM POC This Month

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-33850 MEDIUM POC This Month

There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Clarity
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-3920 MEDIUM POC PATCH This Month

grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav Plugin Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-3961 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3950 MEDIUM POC PATCH This Month

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python XSS Django Helpdesk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-22028 CRITICAL PATCH Act Now

In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Greenplum
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2021-39233 CRITICAL PATCH Act Now

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
9.1
EPSS
2.3%
CVE-2021-39231 CRITICAL PATCH Act Now

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
9.1
EPSS
2.3%
CVE-2021-22966 HIGH PATCH This Week

Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Concrete Cms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-44036 HIGH This Week

Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Team Password Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-39353 HIGH This Week

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Easy Registration Forms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-39232 HIGH PATCH This Week

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41436 HIGH This Week

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Gt Ax11000 Firmware Rt Ax3000 Firmware Rt Ax55 Firmware +15
NVD VulDB
CVSS 3.1
7.5
EPSS
4.6%
CVE-2021-3963 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Kimai 2
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy