Skip to main content
CVE-2021-45017 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Google Catfish Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-44657 HIGH POC PATCH This Week

In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Stackstorm
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-45078 HIGH POC This Week

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Binutils Fedora +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-43518 HIGH POC This Week

Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Teeworlds Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-43326 HIGH POC This Week

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Automox
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-40827 HIGH POC This Week

Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Memory Corruption RCE Clementine
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-40826 HIGH POC This Week

Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service RCE Clementine
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-43831 HIGH POC PATCH This Week

Gradio is an open source framework for building interactive machine learning models and demos. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gradio
NVD GitHub
CVSS 3.1
7.7
EPSS
3.8%
CVE-2021-45043 HIGH POC THREAT This Week

HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hd Network Real Time Monitoring System
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
33.1%
CVE-2021-4110 HIGH POC PATCH This Week

mruby is vulnerable to NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Mruby
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-43890 HIGH POC KEV PATCH THREAT This Week

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Microsoft Information Disclosure App Installer
NVD GitHub
CVSS 3.1
7.1
EPSS
10.3%
CVE-2021-43836 HIGH PATCH This Week

Sulu is an open-source PHP content management system based on the Symfony framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP RCE Path Traversal Sulu
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-43806 HIGH PATCH This Week

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Tuleap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-27859 HIGH This Week

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Authentication Bypass Ipvpn Firmware Mpvpn Firmware Warp Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-27855 HIGH This Week

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ipvpn Firmware Warp Firmware Mpvpn Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-0968 HIGH PATCH This Week

In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Integer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-0967 HIGH PATCH This Week

In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google Information Disclosure Android
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-0965 HIGH PATCH This Week

In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-0930 HIGH This Week

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-0918 HIGH This Week

In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-43877 HIGH PATCH This Week

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Asp Net Core Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-42315 HIGH PATCH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Defender For Iot
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-42314 HIGH PATCH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Defender For Iot
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-42309 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-41365 HIGH PATCH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE SQLi Microsoft Defender For Iot
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-41870 HIGH This Week

An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Remote View Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-43875 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-0933 HIGH This Week

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Java Android
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-43256 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Excel Rt +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-39653 HIGH This Week

In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-39651 HIGH PATCH This Week

In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-39640 HIGH PATCH This Week

In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1048 HIGH KEV PATCH THREAT This Week

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1044 HIGH PATCH This Week

In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1040 HIGH PATCH This Week

In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1039 HIGH PATCH This Week

In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1029 HIGH This Week

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1028 HIGH This Week

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1027 HIGH This Week

In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1017 HIGH This Week

In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1004 HIGH This Week

In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1003 HIGH This Week

In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0999 HIGH PATCH This Week

In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0985 HIGH PATCH This Week

In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0984 HIGH PATCH This Week

In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0981 HIGH PATCH This Week

In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0970 HIGH PATCH This Week

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Google Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0953 HIGH This Week

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0932 HIGH This Week

In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0929 HIGH This Week

In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy