Skip to main content
CVE-2021-33274 CRITICAL POC Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-33271 CRITICAL POC Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-33270 CRITICAL POC Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-33269 CRITICAL POC Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-33268 CRITICAL POC Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-33267 CRITICAL POC Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-33266 CRITICAL POC THREAT Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
16.9%
CVE-2021-33265 CRITICAL POC THREAT Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.7%
CVE-2021-43451 CRITICAL POC Act Now

SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Record Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-44280 CRITICAL POC Act Now

attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Attendance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-3994 CRITICAL POC PATCH Act Now

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XSS Django Helpdesk
NVD GitHub
CVSS 3.1
9.6
EPSS
1.4%
CVE-2021-3985 CRITICAL POC PATCH Act Now

kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kimai2
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2021-43137 HIGH POC This Week

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP XSS Hostel Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-4017 HIGH POC PATCH This Week

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-40809 HIGH POC This Week

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jamf
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-38575 HIGH POC This Week

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Edk2 Kernel
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-4019 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Neovim Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3984 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-41039 HIGH POC This Week

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mosquitto
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3993 MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3992 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Improper Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kimai2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-3990 MEDIUM POC PATCH This Month

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-43687 MEDIUM POC PATCH This Month

chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Chamilo
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-43689 MEDIUM POC This Month

manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Manage
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44279 MEDIUM POC This Month

Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44277 MEDIUM POC This Month

Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43690 MEDIUM POC This Month

YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Yurunproxy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-3983 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Kimai2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3989 MEDIUM POC PATCH This Month

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-26334 CRITICAL Act Now

The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Amd Privilege Escalation Authentication Bypass Amd Uprof
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2021-3964 MEDIUM POC PATCH This Month

elgg is vulnerable to Authorization Bypass Through User-Controlled Key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Elgg
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-43685 CRITICAL Act Now

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Libretime Hv
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-4018 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20864 HIGH This Week

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-20861 HIGH This Week

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-20860 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-20851 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Browser And Operating System Finder
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-43360 HIGH This Week

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Ehrd
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-43359 HIGH This Week

Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Ehrd
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-4015 MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-44480 HIGH This Week

Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Wokka Watch Q50 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-20863 HIGH This Week

OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2021-20859 HIGH This Week

ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-42711 HIGH This Week

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Barracuda Privilege Escalation Network Access Client
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32592 HIGH This Week

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Forticlient Forticlient Enterprise Management Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-42776 HIGH This Week

CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cloverdx
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2021-20400 HIGH PATCH This Week

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20611 HIGH This Week

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq R R00 Cpu Firmware Melsec Iq R R01 Cpu Firmware Melsec Iq R R02 Cpu Firmware Melsec Iq R R04 Cpu Firmware +51
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-20610 HIGH This Week

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq R R00 Cpu Firmware Melsec Iq R R01 Cpu Firmware Melsec Iq R R02 Cpu Firmware Melsec Iq R R04 Cpu Firmware +51
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-20609 HIGH This Week

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Iq R R00 Cpu Firmware Melsec Iq R R01 Cpu Firmware Melsec Iq R R02 Cpu Firmware Melsec Iq R R04 Cpu Firmware +51
NVD
CVSS 3.1
7.5
EPSS
3.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy