Skip to main content
CVE-2021-21898 HIGH POC This Week

A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libdxfrw Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-21900 HIGH POC This Week

A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Libdxfrw Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-21899 HIGH POC This Week

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libdxfrw Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-43408 HIGH POC This Week

The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Duplicate Post
NVD
CVSS 3.1
8.8
EPSS
9.5%
CVE-2021-22053 HIGH POC PATCH THREAT This Week

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Spring Cloud Netflix
NVD
CVSS 3.1
8.8
EPSS
13.0%
CVE-2021-39236 HIGH POC PATCH This Week

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-3968 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2021-44038 HIGH POC This Week

An issue was discovered in Quagga through 1.2.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Quagga
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-29329 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29327 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29326 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29325 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29324 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Moddable
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-3973 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-3974 HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-41569 HIGH POC This Week

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sas Intrnet
NVD
CVSS 3.1
7.5
EPSS
7.8%
CVE-2021-39929 HIGH POC This Week

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-39926 HIGH POC This Week

Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
7.5%
CVE-2021-39925 HIGH POC This Week

Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2021-39924 HIGH POC This Week

Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2021-39922 HIGH POC This Week

Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2021-39921 HIGH POC This Week

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-22968 HIGH POC PATCH This Week

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP File Upload Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-29328 HIGH POC This Week

OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Moddable
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-22966 HIGH PATCH This Week

Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Concrete Cms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-44036 HIGH This Week

Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Team Password Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-39353 HIGH This Week

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Easy Registration Forms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-39232 HIGH PATCH This Week

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41436 HIGH This Week

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Gt Ax11000 Firmware Rt Ax3000 Firmware Rt Ax55 Firmware +15
NVD VulDB
CVSS 3.1
7.5
EPSS
4.6%
CVE-2021-43555 HIGH PATCH This Week

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Path Traversal Mydesigner
NVD
CVSS 3.1
7.8
EPSS
38.0%
CVE-2021-42254 HIGH This Week

BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Privilege Management For Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3962 HIGH PATCH This Week

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
5.8%
CVE-2021-22970 HIGH PATCH This Week

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22967 HIGH PATCH This Week

In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-22965 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-22951 HIGH PATCH This Week

Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-44037 HIGH This Week

Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Team Password Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-39923 HIGH PATCH This Week

Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy