Skip to main content
CVE-2021-23803 CRITICAL POC PATCH Act Now

This affects the package latte/latte before 2.10.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Latte
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-23797 CRITICAL POC Act Now

All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Http Server Node
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-23450 CRITICAL POC PATCH THREAT Act Now

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dojo Communications Policy Management Primavera Unifier +2
NVD GitHub
CVSS 3.1
9.8
EPSS
30.4%
CVE-2021-41500 HIGH POC PATCH This Week

Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cvxopt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41499 HIGH POC PATCH This Week

Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pyo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-41498 HIGH POC PATCH This Week

Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Server_jack_init function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Pyo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-41497 HIGH POC This Week

Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bounter
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43838 HIGH POC PATCH This Week

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jsx Slack
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22054 HIGH POC KEV PATCH THREAT This Week

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Workspace One Uem Console
NVD
CVSS 3.1
7.5
EPSS
97.7%
CVE-2021-41843 MEDIUM POC THREAT This Month

An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Openemr
NVD
CVSS 3.1
6.5
EPSS
13.7%
CVE-2021-43678 MEDIUM POC This Month

Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wechat Php Sdk
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40850 CRITICAL Act Now

TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gim
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-36779 CRITICAL Act Now

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Longhorn
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2021-41496 MEDIUM POC PATCH This Month

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Numpy
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42584 MEDIUM POC PATCH This Month

A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Convos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-4132 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41495 MEDIUM POC PATCH This Month

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Numpy
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-34141 MEDIUM POC PATCH This Month

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Numpy Communications Cloud Native Core Policy
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-33430 MEDIUM POC PATCH This Month

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Python Denial Of Service Numpy
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-23814 HIGH PATCH This Week

This affects versions of the package unisharp/laravel-filemanager before 2.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Laravel Filemanager
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-32498 HIGH PATCH This Week

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Path Traversal Sopas Engineering Tool
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2021-32497 HIGH PATCH This Week

SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sopas Engineering Tool
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2021-41451 HIGH This Week

A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Request Smuggling Information Disclosure Archer Ax10 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-36780 HIGH This Week

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Longhorn
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-4011 HIGH This Week

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-4010 HIGH This Week

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-4009 HIGH This Week

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-4008 HIGH This Week

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-0673 HIGH This Week

In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-44035 HIGH This Week

Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teammate Audit Management
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-40851 HIGH This Week

TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gim
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-32499 HIGH PATCH This Week

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sopas Engineering Tool
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-20608 HIGH This Week

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works2
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-40853 HIGH This Week

TCMAN GIM does not perform an authorization check when trying to access determined resources. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gim
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2021-0903 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0901 MEDIUM This Month

In apusys, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0899 MEDIUM This Month

In apusys, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0898 MEDIUM This Month

In apusys, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0897 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0896 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0895 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0894 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0893 MEDIUM This Month

In apusys, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0679 MEDIUM This Month

In apusys, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0678 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-43840 MEDIUM PATCH This Month

message_bus is a messaging bus for Ruby processes and web clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Nginx Path Traversal Message Bus
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-44145 MEDIUM PATCH This Month

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Nifi
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-44857 MEDIUM This Month

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mediawiki
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-40852 MEDIUM This Month

TCMAN GIM is affected by an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Gim
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-37863 MEDIUM This Month

Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
5.7
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy