Skip to main content
CVE-2021-45896 HIGH POC This Week

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Nokia Fastmile Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-43857 HIGH POC PATCH THREAT This Week

Gerapy is a distributed crawler management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Gerapy
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
55.3%
CVE-2021-45337 HIGH POC This Week

Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-45336 HIGH POC This Week

Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-45335 HIGH POC This Week

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-45339 HIGH POC This Week

Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Antivirus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-45338 HIGH POC This Week

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-4173 HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-45884 HIGH POC PATCH This Week

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brave
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-24753 HIGH POC PATCH This Week

The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Rich Review
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-43858 HIGH PATCH This Week

MinIO is a Kubernetes native application for cloud storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Kubernetes Privilege Escalation Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
35.5%
CVE-2021-33017 HIGH This Week

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellibridge Ec40 Firmware Intellibridge Ec80 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-32993 HIGH This Week

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellibridge Ec40 Firmware Intellibridge Ec80 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-21751 HIGH This Week

ZTE BigVideo analysis product has an input verification vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxin10 Cms
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-45710 HIGH PATCH This Week

An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Race Condition Tokio
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-45704 HIGH PATCH This Week

An issue was discovered in the metrics-util crate before 0.7.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Race Condition Metrics Util
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-23244 HIGH This Week

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-21750 HIGH This Week

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zte Privilege Escalation Authentication Bypass Zxin10 Cms
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-4161 HIGH This Week

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mgate Mb3180 Firmware Mgate Mb3280 Firmware Mgate Mb3480 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-24998 HIGH PATCH This Week

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP Information Disclosure Simple Jwt Login
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-45711 HIGH PATCH This Week

An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simple Asn1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-45708 HIGH This Week

An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Abomonation
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-45702 HIGH PATCH This Week

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Tremor Script
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45700 HIGH PATCH This Week

An issue was discovered in the ckb crate before 0.40.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ckb
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45699 HIGH PATCH This Week

An issue was discovered in the ckb crate before 0.40.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ckb
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-45694 HIGH This Week

An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rdiff
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45681 HIGH PATCH This Week

An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Derive Com Impl
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45680 HIGH PATCH This Week

An issue was discovered in the vec-const crate before 2.0.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vec Const
NVD
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy