Skip to main content
CVE-2021-43137 HIGH POC This Week

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP XSS Hostel Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-4017 HIGH POC PATCH This Week

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-40809 HIGH POC This Week

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jamf
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-38575 HIGH POC This Week

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Edk2 Kernel
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-4019 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Neovim Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3984 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-41039 HIGH POC This Week

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mosquitto
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20864 HIGH This Week

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-20861 HIGH This Week

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-20860 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-20851 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Browser And Operating System Finder
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-43360 HIGH This Week

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Ehrd
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-43359 HIGH This Week

Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Ehrd
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-44480 HIGH This Week

Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Wokka Watch Q50 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-20863 HIGH This Week

OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2021-20859 HIGH This Week

ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-42711 HIGH This Week

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Barracuda Privilege Escalation Network Access Client
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32592 HIGH This Week

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Forticlient Forticlient Enterprise Management Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-42776 HIGH This Week

CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cloverdx
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2021-20400 HIGH PATCH This Week

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20611 HIGH This Week

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq R R00 Cpu Firmware Melsec Iq R R01 Cpu Firmware Melsec Iq R R02 Cpu Firmware Melsec Iq R R04 Cpu Firmware +51
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-20610 HIGH This Week

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq R R00 Cpu Firmware Melsec Iq R R01 Cpu Firmware Melsec Iq R R02 Cpu Firmware Melsec Iq R R04 Cpu Firmware +51
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-20609 HIGH This Week

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Iq R R00 Cpu Firmware Melsec Iq R R01 Cpu Firmware Melsec Iq R R02 Cpu Firmware Melsec Iq R R04 Cpu Firmware +51
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-43358 HIGH This Week

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ehrd
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-34599 HIGH This Week

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git
NVD
CVSS 3.1
7.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy