2021 CVEs
23431 CVEs published in 2021. 2690 critical, 9486 high. Browse by vendor, severity, or with PoCs.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-35402 | Critical | 10.0 | 2026-02-20 | PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for sate… |
CVE-2021-47667 | Critical | 10.0 | 2025-04-05 | An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbit… |
CVE-2021-4434 | Critical | 10.0 | 2024-01-17 | The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows… |
CVE-2021-32495 | Critical | 10.0 | 2023-07-07 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to ca… |
CVE-2021-32494 | Critical | 10.0 | 2023-07-07 | Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial o… |
CVE-2021-33796 | Critical | 10.0 | 2023-07-07 | In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. |
CVE-2021-33970 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges. |
CVE-2021-33975 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. |
CVE-2021-33972 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate priveleges. |
CVE-2021-4140 | Critical | 10.0 | 2022-12-22 | It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96… |
CVE-2021-38397 | Critical | 10.0 | 2022-10-28 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbi… |
CVE-2021-36206 | Critical | 10.0 | 2022-10-28 | All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data w… |
CVE-2021-26730 | Critical | 10.0 | 2022-10-24 | A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code… |
CVE-2021-26729 | Critical | 10.0 | 2022-10-24 | Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute… |
CVE-2021-26728 | Critical | 10.0 | 2022-10-24 | Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary cod… |
CVE-2021-26727 | Critical | 10.0 | 2022-10-24 | Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execut… |
CVE-2021-41556 | Critical | 10.0 | 2022-07-28 | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim e… |
CVE-2021-41037 | Critical | 10.0 | 2022-07-08 | In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoin… |
CVE-2021-27446 | Critical | 10.0 | 2022-05-16 | The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on th… |
CVE-2021-42645 | Critical | 10.0 | 2022-05-10 | CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to uploa… |