Skip to main content
CVE-2021-32993 HIGH This Week

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellibridge Ec40 Firmware Intellibridge Ec80 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-24992 MEDIUM POC This Month

The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Buttonizer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24902 MEDIUM POC This Month

The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Typebot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-21751 HIGH This Week

ZTE BigVideo analysis product has an input verification vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxin10 Cms
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-45710 HIGH PATCH This Week

An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Race Condition Tokio
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-45704 HIGH PATCH This Week

An issue was discovered in the metrics-util crate before 0.7.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Race Condition Metrics Util
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-23244 HIGH This Week

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-21750 HIGH This Week

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zte Privilege Escalation Authentication Bypass Zxin10 Cms
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-4161 HIGH This Week

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mgate Mb3180 Firmware Mgate Mb3280 Firmware Mgate Mb3480 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-24998 HIGH PATCH This Week

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP Information Disclosure Simple Jwt Login
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-45711 HIGH PATCH This Week

An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simple Asn1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-45708 HIGH This Week

An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Abomonation
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-45702 HIGH PATCH This Week

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Tremor Script
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45700 HIGH PATCH This Week

An issue was discovered in the ckb crate before 0.40.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ckb
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45699 HIGH PATCH This Week

An issue was discovered in the ckb crate before 0.40.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ckb
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-45694 HIGH This Week

An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rdiff
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45681 HIGH PATCH This Week

An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Derive Com Impl
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45680 HIGH PATCH This Week

An issue was discovered in the vec-const crate before 2.0.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vec Const
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-43550 MEDIUM This Month

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix Efficia Cm Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-43548 MEDIUM This Month

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-45895 MEDIUM PATCH This Month

Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tags Bundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-35232 MEDIUM This Month

Hard coded credentials discovered in SolarWinds Web Help Desk product. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Webhelpdesk
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-38961 MEDIUM This Month

IBM OPENBMC OP910 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Power System Ac922 8335 Gtg Firmware Power System Ac922 8335 Gtc Firmware Power System Ac922 8335 Gtw Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43552 MEDIUM This Month

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix
NVD
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy