Skip to main content
CVE-2021-38008 HIGH POC This Week

Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-45469 HIGH POC This Week

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Information Disclosure Linux Kernel Fedora +9
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-4118 HIGH POC PATCH This Week

pytorch-lightning is vulnerable to Deserialization of Untrusted Data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Pytorch Lightning
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-45470 HIGH POC PATCH This Week

lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cve Search
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-43854 HIGH POC PATCH This Week

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Nltk
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-44600 HIGH POC This Week

The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Online Men S Salon Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-44599 HIGH POC This Week

The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Enrollment Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-44273 HIGH POC PATCH This Week

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

OpenSSL Information Disclosure E2Guardian
NVD GitHub
CVSS 3.1
7.4
EPSS
1.0%
CVE-2021-3621 HIGH PATCH This Week

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Sssd Virtualization Virtualization Host Enterprise Linux +4
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-4144 HIGH This Week

TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Wr802N Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-4079 HIGH This Week

Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-4078 HIGH This Week

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-4067 HIGH This Week

Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-4066 HIGH This Week

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-4065 HIGH This Week

Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-4064 HIGH This Week

Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-4063 HIGH This Week

Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-4062 HIGH This Week

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-4061 HIGH This Week

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-4058 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-4057 HIGH This Week

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-4056 HIGH This Week

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-4055 HIGH This Week

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-4053 HIGH This Week

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-4052 HIGH This Week

Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38017 HIGH This Week

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38016 HIGH This Week

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38015 HIGH This Week

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-38014 HIGH This Week

Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38012 HIGH This Week

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38011 HIGH This Week

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38007 HIGH This Week

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38006 HIGH This Week

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-38005 HIGH This Week

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-23175 HIGH This Week

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Authentication Bypass Geforce Experience
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-40161 HIGH PATCH This Week

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Revit Navisworks +11
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-40160 HIGH PATCH This Week

PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow RCE Information Disclosure Revit Navisworks +11
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-45463 HIGH PATCH This Week

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Gegl Gimp Enterprise Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-44542 HIGH This Week

A memory leak vulnerability was found in Privoxy when handling errors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Privoxy
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-44541 HIGH This Week

A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Privoxy
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-44540 HIGH This Week

A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Privoxy
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-43989 HIGH This Week

mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mypro
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-35243 HIGH This Week

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Web Help Desk
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-45462 HIGH PATCH This Week

In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2021-20050 HIGH This Week

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sma 100 Firmware Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20049 HIGH This Week

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Sma 100 Firmware Sma 200 Firmware Sma 210 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3584 HIGH PATCH This Week

A server side remote code execution vulnerability was found in Foreman project. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Foreman Satellite
NVD GitHub
CVSS 3.1
7.2
EPSS
3.9%
CVE-2021-20318 HIGH This Week

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jboss Enterprise Application Platform
NVD
CVSS 3.1
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy