Skip to main content
CVE-2021-44079 CRITICAL POC PATCH Act Now

In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Wazuh
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-23732 CRITICAL POC Act Now

This affects all versions of package docker-cli-js. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Docker Command Injection Docker Cli Js
NVD
CVSS 3.1
9.0
EPSS
1.8%
CVE-2021-23718 HIGH POC PATCH This Week

The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ssrf Agent
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-43557 HIGH POC THREAT This Week

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection Apisix
NVD
CVSS 3.1
7.5
EPSS
14.6%
CVE-2021-38146 HIGH POC THREAT This Week

The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Holmes
NVD
CVSS 3.1
7.5
EPSS
11.7%
CVE-2021-33491 MEDIUM POC This Month

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ox App Suite
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2021-23673 MEDIUM POC This Month

This affects all versions of package pekeupload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pekeupload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-38377 MEDIUM POC This Month

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38375 MEDIUM POC This Month

OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-33495 MEDIUM POC This Month

OX App Suite 7.10.5 allows XSS via an OX Chat system message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-33494 MEDIUM POC This Month

OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-33492 MEDIUM POC This Month

OX App Suite 7.10.5 allows XSS via an OX Chat room name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-33490 MEDIUM POC This Month

OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-33489 MEDIUM POC This Month

OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-33488 MEDIUM POC This Month

chat in OX App Suite 7.10.5 has Improper Input Validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-33493 MEDIUM POC This Month

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Ox App Suite
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-44143 CRITICAL PATCH Act Now

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Isync Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-3943 CRITICAL PATCH Act Now

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Moodle
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-26614 CRITICAL Act Now

ius_get.cgi in IpTime C200 camera allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE C200 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-44147 MEDIUM POC This Month

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Filemaker Pro Filemaker Server
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-38374 MEDIUM POC This Month

OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-38376 MEDIUM POC This Month

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ox App Suite
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-44144 CRITICAL PATCH Act Now

Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Asterix
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-43559 HIGH PATCH This Week

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-43581 HIGH This Week

An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Prc Sdk
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-38378 MEDIUM POC This Month

OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-3935 HIGH This Week

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Pgbouncer Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-42707 HIGH This Week

PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Plc Editor
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-42705 HIGH This Week

PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Plc Editor
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-43015 HIGH This Week

Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-42738 HIGH PATCH This Week

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Prelude
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-42737 HIGH PATCH This Week

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Prelude
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-42727 HIGH This Week

Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Robohelp Server
NVD
CVSS 3.1
7.8
EPSS
39.4%
CVE-2021-40775 HIGH PATCH This Week

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Prelude
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2021-40772 HIGH PATCH This Week

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Prelude
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2021-40771 HIGH PATCH This Week

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Prelude
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2021-40770 HIGH PATCH This Week

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Prelude
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-43582 HIGH This Week

A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-38448 HIGH This Week

The affected controllers do not properly sanitize the input containing code syntax. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Symbio 700 Symbio 800
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2021-44150 HIGH This Week

The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tusdotnet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-43558 MEDIUM PATCH This Month

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-43016 MEDIUM PATCH This Month

Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe Incopy
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2021-42733 MEDIUM PATCH This Month

Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe Bridge
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2021-40774 MEDIUM PATCH This Month

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe Prelude
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-40773 MEDIUM PATCH This Month

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe Prelude
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-32004 MEDIUM This Month

This issue affects: Secomea GateManager All versions prior to 9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-43560 MEDIUM PATCH This Month

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy