Skip to main content
CVE-2021-41500 HIGH POC PATCH This Week

Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cvxopt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41499 HIGH POC PATCH This Week

Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pyo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-41498 HIGH POC PATCH This Week

Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Server_jack_init function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Pyo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-41497 HIGH POC This Week

Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bounter
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43838 HIGH POC PATCH This Week

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jsx Slack
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22054 HIGH POC KEV PATCH THREAT This Week

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Workspace One Uem Console
NVD
CVSS 3.1
7.5
EPSS
97.7%
CVE-2021-23814 HIGH PATCH This Week

This affects versions of the package unisharp/laravel-filemanager before 2.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Laravel Filemanager
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-32498 HIGH PATCH This Week

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Path Traversal Sopas Engineering Tool
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2021-32497 HIGH PATCH This Week

SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sopas Engineering Tool
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2021-41451 HIGH This Week

A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Request Smuggling Information Disclosure Archer Ax10 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-36780 HIGH This Week

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Longhorn
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-4011 HIGH This Week

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-4010 HIGH This Week

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-4009 HIGH This Week

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-4008 HIGH This Week

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-0673 HIGH This Week

In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-44035 HIGH This Week

Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teammate Audit Management
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-40851 HIGH This Week

TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gim
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-32499 HIGH PATCH This Week

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sopas Engineering Tool
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-20608 HIGH This Week

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works2
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-40853 HIGH This Week

TCMAN GIM does not perform an authorization check when trying to access determined resources. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gim
NVD
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy