Skip to main content
CVE-2021-44529 CRITICAL POC KEV PATCH THREAT Act Now

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Ivanti Endpoint Manager Cloud Services Appliance
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.1%
CVE-2021-20039 HIGH POC THREAT Act Now

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware Sma 400 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
78.1%
CVE-2021-21951 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Eufy Homebase 2 Firmware
NVD
CVSS 3.1
10.0
EPSS
2.4%
CVE-2021-21950 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Eufy Homebase 2 Firmware
NVD
CVSS 3.1
10.0
EPSS
2.4%
CVE-2021-3815 CRITICAL POC PATCH Act Now

utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Utils Js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-20038 CRITICAL POC KEV THREAT Act Now

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apache Stack Overflow Sma 200 Firmware Sma 210 Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-27860 HIGH POC KEV THREAT This Week

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ipvpn Firmware Warp Firmware Mpvpn Firmware
NVD
CVSS 3.1
8.8
EPSS
39.8%
CVE-2021-43399 HIGH POC This Week

The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Yubihsm 2 Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-21957 HIGH POC This Week

A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Command Injection Remote Connector
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2021-43809 HIGH POC PATCH This Week

`Bundler` is a package for managing application dependencies in Ruby. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

RCE Command Injection Bundler
NVD GitHub
CVSS 3.1
7.3
EPSS
2.8%
CVE-2021-40861 HIGH POC This Week

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Intelligent Workload Distribution Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-40860 HIGH POC This Week

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Intelligent Workload Distribution Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-42835 HIGH POC This Week

An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

RCE Media Server
NVD
CVSS 3.1
7.0
EPSS
1.2%
CVE-2021-4050 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-43808 MEDIUM POC PATCH This Month

Laravel is a web application framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-38503 CRITICAL Act Now

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
10.0
EPSS
3.8%
CVE-2021-43527 CRITICAL PATCH Act Now

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla Nss Nss Esr +8
NVD
CVSS 3.1
9.8
EPSS
17.6%
CVE-2021-41025 CRITICAL PATCH Act Now

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Race Condition Authentication Bypass Fortiweb
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41063 CRITICAL Act Now

SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Aanderaa Geoview
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-37049 CRITICAL Act Now

There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Harmonyos Emui +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-37045 CRITICAL Act Now

There is an UAF vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Harmonyos +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-37040 CRITICAL Act Now

There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Harmonyos Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-26109 CRITICAL PATCH Act Now

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Fortinet RCE Fortios
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-20045 CRITICAL Act Now

A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware Sma 400 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
25.2%
CVE-2021-20042 CRITICAL Act Now

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware Sma 400 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-4048 CRITICAL PATCH Act Now

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Lapack Openblas Julia +5
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2021-41030 CRITICAL PATCH Act Now

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Authentication Bypass Forticlient Enterprise Management Server
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-37051 CRITICAL Act Now

There is an Out-of-bounds read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds memory access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Harmonyos Emui +1
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2021-44557 CRITICAL PATCH Act Now

National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Multiner
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-44556 CRITICAL PATCH Act Now

National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Digger
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-43539 HIGH This Week

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-43537 HIGH This Week

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-43535 HIGH This Week

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-43534 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-38510 HIGH This Week

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-38504 HIGH This Week

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-36719 HIGH This Week

PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Mail Secure
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-41017 HIGH PATCH This Week

Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Fortinet Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-36195 HIGH PATCH This Week

Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Fortinet Command Injection Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36173 HIGH PATCH This Week

A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Fortinet Fortios
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-42760 HIGH PATCH This Week

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Fortinet Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-26103 HIGH PATCH This Week

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-42758 HIGH PATCH This Week

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Fortiwlc
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-36180 HIGH PATCH This Week

Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Fortinet Command Injection Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-20044 HIGH This Week

A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sonicwall Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
40.1%
CVE-2021-20043 HIGH This Week

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sonicwall Sma 200 Firmware Sma 210 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
23.3%
CVE-2021-43978 HIGH PATCH This Week

Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Microsoft Information Disclosure Allegro
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-37074 HIGH This Week

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Privilege Escalation Race Condition Harmonyos Emui +1
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-41450 HIGH This Week

An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling TP-Link Archer Ax10 V1 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-43811 HIGH PATCH This Week

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Sockeye
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy