2021 CVEs

23431 CVEs published in 2021. 2690 critical, 9486 high.

Top CVEs published in 2021
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2021-35402 | Critical | 10.0 | 2026-02-20 | PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for sate… |
| CVE-2021-47667 | Critical | 10.0 | 2025-04-05 | An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbit… |
| CVE-2021-4434 | Critical | 10.0 | 2024-01-17 | The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows… |
| CVE-2021-32495 | Critical | 10.0 | 2023-07-07 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to ca… |
| CVE-2021-32494 | Critical | 10.0 | 2023-07-07 | Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allows attackers to create malicious inputs that can cause denial o… |
| CVE-2021-33796 | Critical | 10.0 | 2023-07-07 | In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. |
| CVE-2021-33970 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate privileges. |
| CVE-2021-33975 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. |
| CVE-2021-33972 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate privileges. |
| CVE-2021-4140 | Critical | 10.0 | 2022-12-22 | It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96… |
| CVE-2021-38397 | Critical | 10.0 | 2022-10-28 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbi… |
| CVE-2021-36206 | Critical | 10.0 | 2022-10-28 | All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data w… |
| CVE-2021-26730 | Critical | 10.0 | 2022-10-24 | A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code… |
| CVE-2021-26729 | Critical | 10.0 | 2022-10-24 | Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute… |
| CVE-2021-26728 | Critical | 10.0 | 2022-10-24 | Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary cod… |
| CVE-2021-26727 | Critical | 10.0 | 2022-10-24 | Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execut… |
| CVE-2021-41556 | Critical | 10.0 | 2022-07-28 | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim e… |
| CVE-2021-41037 | Critical | 10.0 | 2022-07-08 | In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoin… |
| CVE-2021-27446 | Critical | 10.0 | 2022-05-16 | The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on th… |
| CVE-2021-42645 | Critical | 10.0 | 2022-05-10 | CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to uploa… |