Skip to main content
CVE-2021-4187 HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-23727 HIGH POC PATCH This Week

This affects the package celery before 5.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Celery Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-25991 HIGH POC PATCH This Week

In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Ifme
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2021-4176 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-36722 CRITICAL Act Now

Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Emuse Eservices Envoice
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38687 CRITICAL Act Now

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qnap Surveillance Station
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-25993 MEDIUM POC PATCH This Month

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-4175 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-25990 MEDIUM POC PATCH This Month

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Ifme
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25989 MEDIUM POC PATCH This Month

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Ifme
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25988 MEDIUM POC PATCH This Month

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Ifme
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-35034 CRITICAL Act Now

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nbg6604 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-43876 HIGH PATCH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-44161 HIGH This Week

Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Motp
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-45885 HIGH This Week

An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Network Security
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-36723 HIGH This Week

Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emuse Eservices Envoice
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-38688 HIGH This Week

An improper authentication vulnerability has been reported to affect Android App Qfile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Qfile
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-44160 HIGH This Week

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Carinal Tien Hospital Health Report System
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2021-35035 MEDIUM This Month

A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nbg6604 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-38680 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap XSS Kazoo Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-36724 MEDIUM This Month

ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Secureconnector
NVD
CVSS 3.1
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy