Skip to main content
CVE-2021-44529 CRITICAL POC KEV PATCH THREAT Act Now

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Ivanti Endpoint Manager Cloud Services Appliance
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.1%
CVE-2021-21951 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Eufy Homebase 2 Firmware
NVD
CVSS 3.1
10.0
EPSS
2.4%
CVE-2021-21950 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Eufy Homebase 2 Firmware
NVD
CVSS 3.1
10.0
EPSS
2.4%
CVE-2021-3815 CRITICAL POC PATCH Act Now

utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Utils Js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-20038 CRITICAL POC KEV THREAT Act Now

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apache Stack Overflow Sma 200 Firmware Sma 210 Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-38503 CRITICAL Act Now

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
10.0
EPSS
3.8%
CVE-2021-43527 CRITICAL PATCH Act Now

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla Nss Nss Esr +8
NVD
CVSS 3.1
9.8
EPSS
17.6%
CVE-2021-41025 CRITICAL PATCH Act Now

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Race Condition Authentication Bypass Fortiweb
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41063 CRITICAL Act Now

SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Aanderaa Geoview
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-37049 CRITICAL Act Now

There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Harmonyos Emui +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-37045 CRITICAL Act Now

There is an UAF vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Harmonyos +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-37040 CRITICAL Act Now

There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Harmonyos Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-26109 CRITICAL PATCH Act Now

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Fortinet RCE Fortios
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-20045 CRITICAL Act Now

A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware Sma 400 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
25.2%
CVE-2021-20042 CRITICAL Act Now

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware Sma 400 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-4048 CRITICAL PATCH Act Now

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Lapack Openblas Julia +5
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2021-41030 CRITICAL PATCH Act Now

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Authentication Bypass Forticlient Enterprise Management Server
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-37051 CRITICAL Act Now

There is an Out-of-bounds read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds memory access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Harmonyos Emui +1
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2021-44557 CRITICAL PATCH Act Now

National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Multiner
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-44556 CRITICAL PATCH Act Now

National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Digger
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy