Skip to main content
CVE-2021-38003 HIGH POC KEV THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
36.2%
CVE-2021-24892 HIGH POC PATCH This Week

Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Advanced Forms
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-43775 HIGH POC PATCH This Week

Aim is an open-source, self-hosted machine learning experiment tracking tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Aim
NVD GitHub
CVSS 3.1
8.6
EPSS
1.8%
CVE-2021-24641 HIGH POC This Week

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Images To Webp
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-35033 HIGH POC This Week

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Nbg6818 Firmware Nbg7815 Firmware Wsq20 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-24644 HIGH POC This Week

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Images To Webp
NVD WPScan
CVSS 3.1
7.5
EPSS
5.0%
CVE-2021-24877 HIGH POC This Week

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Mainwp Child
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-38001 HIGH This Week

Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
26.7%
CVE-2021-37998 HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-37997 HIGH This Week

Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-36335 HIGH PATCH This Week

Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Cloud Link
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-37102 HIGH This Week

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fusioncompute
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-40830 HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Node.js Java Amazon Web Services Aws C Io +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40829 HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Apple Information Disclosure Node.js Java +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40828 HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Microsoft Information Disclosure Node.js Java +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-36300 HIGH PATCH This Week

iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Information Disclosure Emc Idrac9 Firmware
NVD
CVSS 3.1
8.2
EPSS
33.3%
CVE-2021-36299 HIGH PATCH This Week

Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Dell SQLi Denial Of Service Information Disclosure Emc Idrac9 Firmware
NVD
CVSS 3.1
8.1
EPSS
29.6%
CVE-2021-36311 HIGH PATCH This Week

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Authentication Bypass Emc Networker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-43019 HIGH PATCH This Week

Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Adobe Creative Cloud Desktop Application
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-35052 HIGH This Week

A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39976 HIGH This Week

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cloudengine 5800 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41281 HIGH PATCH This Week

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Synapse Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-38891 HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-38890 HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-37035 HIGH This Week

There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37034 HIGH This Week

There is an Unstandardized field names in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37033 HIGH This Week

There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Code Injection Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37031 HIGH This Week

There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37030 HIGH This Week

There is an Improper permission vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37026 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37025 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37024 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37019 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37018 HIGH This Week

There is a Data Processing Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37017 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37015 HIGH This Week

There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37012 HIGH This Week

There is a Data Processing Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37010 HIGH This Week

There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37009 HIGH This Week

There is a Configuration vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37008 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37007 HIGH This Week

There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37006 HIGH This Week

There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37005 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37004 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37003 HIGH This Week

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20601 HIGH This Week

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Softgot2000 Got Simple Gs2110 Wtbd Firmware Got Simple Gs2107 Wtbd Firmware Got2000 Gt2104 Rtbd Firmware +46
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-36313 HIGH This Week

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-36301 HIGH PATCH This Week

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Dell Stack Overflow Emc Idrac8 Firmware Emc Idrac9 Firmware
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-40831 HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Authentication Bypass Apple Node.js Java +2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy