Skip to main content
CVE-2021-40282 HIGH POC This Week

An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-40281 HIGH POC This Week

An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-20144 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20143 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20142 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20141 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20140 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-20139 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-20138 HIGH POC This Week

An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-43065 HIGH POC This Week

A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Information Disclosure Fortinac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-21955 HIGH POC This Week

An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eufy Homebase 2 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20145 HIGH POC This Week

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gryphon Tower Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-40280 HIGH POC This Week

An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-40279 HIGH POC This Week

An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-43802 HIGH PATCH This Week

Etherpad is a real-time collaborative editor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Etherpad
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-41265 HIGH PATCH This Week

Flask-AppBuilder is a development framework built on top of Flask. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Flask Appbuilder
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-22568 HIGH PATCH This Week

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dart Software Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-41246 HIGH PATCH This Week

Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation Express Openid Connect
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-43071 HIGH PATCH This Week

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Fortinet Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-36194 HIGH PATCH This Week

Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Fortinet Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-29678 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Microsoft Authentication Bypass Db2 Oncommand Insight
NVD
CVSS 3.1
8.7
EPSS
1.1%
CVE-2021-43068 HIGH PATCH This Week

A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Fortinet Authentication Bypass Fortiauthenticator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-43982 HIGH This Week

Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Cncsoft
NVD
CVSS 3.1
7.8
EPSS
9.6%
CVE-2021-37861 HIGH This Week

Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-39002 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Db2 Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-38951 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-20373 HIGH PATCH This Week

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Db2
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41449 HIGH This Week

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Netgear Path Traversal Rax35 Firmware Rax38 Firmware Rax40 Firmware
NVD VulDB
CVSS 3.1
7.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy