Skip to main content
CVE-2021-25298 HIGH POC KEV THREAT Act Now

Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection PHP Nagios Xi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
75.2%
Threat
7.0
CVE-2021-25296 HIGH POC KEV THREAT Act Now

Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection PHP Nagios Xi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
71.7%
Threat
6.9
CVE-2021-25297 HIGH POC KEV THREAT Act Now

Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection PHP Nagios Xi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
42.9%
Threat
6.0
CVE-2021-25299 MEDIUM POC THREAT This Month

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 97.7%.

XSS PHP Nagios Xi
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
97.7%
Threat
5.7
CVE-2021-3239 CRITICAL POC THREAT Act Now

E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE E Learning System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
17.9%
CVE-2021-26822 CRITICAL POC Act Now

Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Teachers Record Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.8%
CVE-2021-26201 CRITICAL POC Act Now

The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Casap Automated Enrollment System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-26200 CRITICAL POC Act Now

The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Library System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-3375 CRITICAL POC Act Now

ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption Activepresenter
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-27201 HIGH POC This Week

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Firewall Community
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-27219 HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-23338 HIGH POC PATCH This Week

This affects all versions of package qlib. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Qlib
NVD GitHub
CVSS 3.1
7.2
EPSS
3.6%
CVE-2021-23337 HIGH POC PATCH THREAT This Week

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Code Injection Lodash Banking Corporate Lending Process Management +21
NVD GitHub
CVSS 3.1
7.2
EPSS
22.4%
CVE-2021-23336 MEDIUM POC PATCH THREAT This Month

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Request Smuggling Python Information Disclosure Fedora Debian Linux +9
NVD GitHub
CVSS 3.1
5.9
EPSS
36.0%
CVE-2021-21511 HIGH This Week

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Avamar Server Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-27211 HIGH This Week

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Steghide
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-27218 HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2021-21702 HIGH PATCH This Week

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference PHP Denial Of Service Debian Linux Clustered Data Ontap +1
NVD
CVSS 3.1
7.5
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy