Skip to main content
CVE-2021-41716 CRITICAL POC Act Now

Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Mahavitaran
NVD VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-40859 CRITICAL POC THREAT Act Now

Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Compact 5500R Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
72.0%
CVE-2021-44685 CRITICAL POC Act Now

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git It
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-44684 CRITICAL POC Act Now

naholyr github-todos 3.1.0 is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Github Todos
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-42688 HIGH POC This Week

An Integer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Integer Overflow Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42687 HIGH POC This Week

A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Denial Of Service RCE Hyworks Windows Client
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42686 HIGH POC This Week

An Integer Overflow exists in Accops HyWorks Windows Client prior to v 3.2.8.200. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Integer Overflow Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42685 HIGH POC This Week

An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 . Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Hyworks Dvm Tools
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42683 HIGH POC This Week

A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Denial Of Service RCE Hyworks Windows Client
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42682 HIGH POC This Week

An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Hyworks Dvm Tools
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42681 HIGH POC This Week

A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Hyworks Dvm Tools
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43638 HIGH POC This Week

Amazon Amazon WorkSpaces agent is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Workspaces
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43637 HIGH POC This Week

Amazon WorkSpaces agent is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Workspaces
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43006 HIGH POC This Week

AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Zportal Dvm Tools
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43003 HIGH POC This Week

Amzetta zPortal Windows zClient is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Integer Overflow Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43002 HIGH POC This Week

Amzetta zPortal DVM Tools is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Zportal Dvm Tools
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43000 HIGH POC This Week

Amzetta zPortal Windows zClient is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Denial Of Service RCE Zportal Windows Zclient
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42996 HIGH POC This Week

Donglify is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Donglify
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42994 HIGH POC This Week

Donglify is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Donglify
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42993 HIGH POC This Week

FlexiHub For Windows is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Integer Overflow Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42990 HIGH POC This Week

FlexiHub For Windows is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Denial Of Service RCE Flexihub
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42988 HIGH POC This Week

Eltima USB Network Gate is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Usb Network Gate
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42987 HIGH POC This Week

Eltima USB Network Gate is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Usb Network Gate
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42986 HIGH POC This Week

NoMachine Enterprise Client is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Enterprise Client
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42983 HIGH POC This Week

NoMachine Enterprise Client is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Enterprise Client
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42980 HIGH POC This Week

NoMachine Cloud Server is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Cloud Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42979 HIGH POC This Week

NoMachine Cloud Server is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Cloud Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42977 HIGH POC This Week

NoMachine Enterprise Desktop is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Enterprise Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42976 HIGH POC This Week

NoMachine Enterprise Desktop is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Enterprise Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42973 HIGH POC This Week

NoMachine Server is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42972 HIGH POC This Week

NoMachine Server is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43176 HIGH POC This Week

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Goautodial Goautodial Api
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-28680 HIGH POC PATCH This Week

The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Devise Masquerade
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-42717 HIGH POC PATCH This Week

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Information Disclosure Modsecurity Nginx Modsecurity Waf Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-34543 HIGH POC This Week

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Solar Log 500 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-43798 HIGH POC KEV PATCH THREAT This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Grafana Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
88.8%
CVE-2021-43805 HIGH POC PATCH This Week

Solidus is a free, open-source ecommerce platform built on Rails. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Solidus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-43175 HIGH POC This Week

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Goautodial Goautodial Api
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-44686 HIGH POC PATCH This Week

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Calibre Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
5.0%
CVE-2021-40578 HIGH POC This Week

Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Enrollment Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-34544 MEDIUM POC This Month

An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Solar Log 500 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-4049 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-44148 MEDIUM POC This Month

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gl Ar150 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43810 MEDIUM POC PATCH This Month

Admidio is a free open source user management system for websites of organizations and groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Admidio
NVD GitHub
CVSS 3.1
6.1
EPSS
5.8%
CVE-2021-42567 MEDIUM POC PATCH This Month

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Central Authentication Service
NVD GitHub
CVSS 3.1
6.1
EPSS
8.1%
CVE-2021-38759 CRITICAL POC THREAT Act Now

Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Raspberry Pi Os Lite
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
15.7%
CVE-2021-24041 CRITICAL Act Now

A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Google Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-43789 CRITICAL PATCH Act Now

PrestaShop is an Open Source e-commerce web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Prestashop
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-37095 CRITICAL Act Now

There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Integer Overflow Denial Of Service RCE Harmonyos
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-37084 CRITICAL Act Now

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious invoking other functions of the Smart Assistant through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy