Skip to main content
CVE-2021-43844 HIGH POC This Week

MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Msedgeredirect
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2021-36887 HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js - Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Tarteaucitron Js Cookies Legislation Gdpr
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43843 HIGH POC PATCH This Week

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jsx Slack
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-3860 HIGH PATCH This Week

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Artifactory
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-35234 HIGH This Week

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Orion Platform
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-22057 HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass VMware Workspace One Access
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-43437 HIGH This Week

In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Engineers Online Portal
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-44224 HIGH PATCH This Week

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Apache Denial Of Service SSRF Http Server +10
NVD
CVSS 3.1
8.2
EPSS
82.3%
CVE-2021-44181 HIGH PATCH This Week

Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Dimension
NVD
CVSS 3.0
7.8
EPSS
3.1%
CVE-2021-44180 HIGH PATCH This Week

Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Dimension
NVD
CVSS 3.0
7.8
EPSS
3.1%
CVE-2021-44179 HIGH PATCH This Week

Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Dimension
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2021-43747 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43029 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43028 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43026 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43025 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43024 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43023 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2021-43022 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-43021 HIGH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-42809 HIGH This Week

Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Sentinel Protection Installer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-40784 HIGH PATCH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2021-40783 HIGH PATCH This Week

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Rush
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2021-38419 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-38415 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-38413 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-38409 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-38401 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-22056 HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41561 HIGH PATCH This Week

Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files.9.0 and later versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Parquet Java
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-44858 HIGH PATCH This Week

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Mediawiki
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-42913 HIGH This Week

The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Syncthru Web Service
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-44162 HIGH This Week

Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qb Smart Service Robot
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-35244 HIGH This Week

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.8%
CVE-2021-38421 HIGH PATCH This Week

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure V Server V Simulator
NVD
CVSS 3.1
7.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy