LiveActive security incident?Get immediate response
CVE archive

2021 CVE Archive

Browse CVE records published in 2021 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 22585 matching CVEs · Page 3 of 452.

Unknown · CVSS Not scored

CVE-2021-37223: Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedul...

Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.

Published Oct 5, 2021 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-36581: Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload.

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.

Published Sep 14, 2021 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-36460: VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the h...

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless.

Published Apr 25, 2022 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-34204: D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials.

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

Published Jun 16, 2021 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-34203: D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control.

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.

Published Jun 16, 2021 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-34202: There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04.

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution.

Published Jun 16, 2021 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-34201: D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow.

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.

Published Jun 16, 2021 · Updated Jul 9, 2026