Skip to main content
CVE-2021-20039 HIGH POC THREAT Act Now

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware Sma 400 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
78.1%
CVE-2021-27860 HIGH POC KEV THREAT This Week

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ipvpn Firmware Warp Firmware Mpvpn Firmware
NVD
CVSS 3.1
8.8
EPSS
39.8%
CVE-2021-43399 HIGH POC This Week

The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Yubihsm 2 Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-21957 HIGH POC This Week

A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Command Injection Remote Connector
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2021-43809 HIGH POC PATCH This Week

`Bundler` is a package for managing application dependencies in Ruby. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

RCE Command Injection Bundler
NVD GitHub
CVSS 3.1
7.3
EPSS
2.8%
CVE-2021-40861 HIGH POC This Week

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Intelligent Workload Distribution Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-40860 HIGH POC This Week

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Intelligent Workload Distribution Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-42835 HIGH POC This Week

An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

RCE Media Server
NVD
CVSS 3.1
7.0
EPSS
1.2%
CVE-2021-43539 HIGH This Week

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-43537 HIGH This Week

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-43535 HIGH This Week

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-43534 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-38510 HIGH This Week

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-38504 HIGH This Week

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-36719 HIGH This Week

PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Mail Secure
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-41017 HIGH PATCH This Week

Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Fortinet Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-36195 HIGH PATCH This Week

Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Fortinet Command Injection Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36173 HIGH PATCH This Week

A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Fortinet Fortios
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-42760 HIGH PATCH This Week

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Fortinet Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-26103 HIGH PATCH This Week

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-42758 HIGH PATCH This Week

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Fortiwlc
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-36180 HIGH PATCH This Week

Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Fortinet Command Injection Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-20044 HIGH This Week

A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sonicwall Sma 200 Firmware Sma 210 Firmware Sma 410 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
40.1%
CVE-2021-20043 HIGH This Week

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sonicwall Sma 200 Firmware Sma 210 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
23.3%
CVE-2021-43978 HIGH PATCH This Week

Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Microsoft Information Disclosure Allegro
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-37074 HIGH This Week

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Privilege Escalation Race Condition Harmonyos Emui +1
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-41450 HIGH This Week

An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling TP-Link Archer Ax10 V1 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-43811 HIGH PATCH This Week

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Sockeye
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-37941 HIGH PATCH This Week

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Apm Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-42110 HIGH PATCH This Week

An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Privilege Escalation Allegro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25517 HIGH This Week

An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-25512 HIGH This Week

An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-25511 HIGH This Week

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-25510 HIGH This Week

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-41027 HIGH PATCH This Week

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Fortinet Fortiweb
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-26110 HIGH This Week

An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-20047 HIGH This Week

SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Sonicwall Global Vpn Client
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-23859 HIGH This Week

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bosch Video Management System Video Recording Manager Access Easy Controller Firmware Access Professional Edition +2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-41090 HIGH PATCH This Week

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Grafana Information Disclosure Agent
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37097 HIGH This Week

There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Code Injection Harmonyos Emui +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37092 HIGH This Week

There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37075 HIGH This Week

There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37054 HIGH This Week

There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37053 HIGH This Week

There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37052 HIGH This Week

There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause address information leakage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37050 HIGH This Week

There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-37044 HIGH This Week

There is a Permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37037 HIGH This Week

There is an Invalid address access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-25516 HIGH This Week

An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-41024 HIGH PATCH This Week

A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
7.5
EPSS
1.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy