Skip to main content
CVE-2021-44732 CRITICAL POC Act Now

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mbed Tls Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-44790 CRITICAL POC PATCH THREAT Act Now

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Memory Corruption Http Server Fedora +11
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2021-43844 HIGH POC This Week

MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Msedgeredirect
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2021-36887 HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js - Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Tarteaucitron Js Cookies Legislation Gdpr
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43843 HIGH POC PATCH This Week

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jsx Slack
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-43847 MEDIUM POC PATCH This Month

HumHub is an open-source social network kit written in PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Humhub
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-44916 MEDIUM POC PATCH This Month

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Open Audit
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.7%
CVE-2021-43439 CRITICAL Act Now

RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iresturant
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-44525 CRITICAL Act Now

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Pam360
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-44676 CRITICAL Act Now

Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Access Manager Plus
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-44675 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho Authentication Bypass Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2021-44164 CRITICAL Act Now

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Qb Smart Service Robot
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-44159 CRITICAL Act Now

4MOSAn GCB Doctor’s file upload function has improper user privilege control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gcb Doctor
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-44263 MEDIUM POC This Month

Gurock TestRail before 7.2.4 mishandles HTML escaping. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testrail
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-44554 MEDIUM POC This Month

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Thinfinity Virtualui
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-3860 HIGH PATCH This Week

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Artifactory
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-35234 HIGH This Week

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Orion Platform
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-22057 HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass VMware Workspace One Access
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-43437 HIGH This Week

In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Engineers Online Portal
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-43846 MEDIUM POC PATCH This Month

`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Solidus
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-44224 HIGH PATCH This Week

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Apache Denial Of Service SSRF Http Server +10
NVD
CVSS 3.1
8.2
EPSS
82.3%
CVE-2021-44181 HIGH PATCH This Week

Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Dimension
NVD
CVSS 3.0
7.8
EPSS
3.1%
CVE-2021-44180 HIGH PATCH This Week

Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Dimension
NVD
CVSS 3.0
7.8
EPSS
3.1%
CVE-2021-44179 HIGH PATCH This Week

Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Dimension
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2021-43747 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43029 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43028 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43026 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43025 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43024 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43023 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2021-43022 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43021 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-42809 HIGH This Week

Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Sentinel Protection Installer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-40784 HIGH PATCH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2021-40783 HIGH PATCH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2021-38419 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-38415 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-38413 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-38409 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-38401 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-22056 HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41561 HIGH PATCH This Week

Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files.9.0 and later versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Parquet Java
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-44858 HIGH PATCH This Week

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Mediawiki
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-42913 HIGH This Week

The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Syncthru Web Service
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-44162 HIGH This Week

Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qb Smart Service Robot
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-35244 HIGH This Week

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.8%
CVE-2021-38421 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure V Server V Simulator
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2021-42808 MEDIUM This Month

Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Sentinel Protection Installer
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-42138 MEDIUM This Month

A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Safenet Windows Logon Agent
NVD
CVSS 3.1
6.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy