Skip to main content
CVE-2020-24913 CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.0%.

SQLi PHP Qcubed
NVD VulDB
CVSS 3.1
9.8
EPSS
44.0%
Threat
4.8
CVE-2020-24914 CRITICAL POC PATCH Act Now

A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization PHP Qcubed
NVD VulDB
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-26293 CRITICAL POC Act Now

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora Webmail Pro
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2021-23344 CRITICAL POC PATCH Act Now

The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-24036 HIGH POC This Week

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Fork Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-3404 HIGH POC This Week

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ytnef Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-3403 HIGH POC This Week

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Ytnef Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-23132 HIGH POC This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2020-24912 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Qcubed
NVD VulDB
CVSS 3.1
6.1
EPSS
6.3%
CVE-2021-25346 CRITICAL Act Now

A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-24031 MEDIUM POC This Month

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zstandard
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-23346 MEDIUM POC PATCH This Month

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Html Parse Stringify
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-23128 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-23127 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-27217 MEDIUM POC This Month

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Yubihsm Shell
NVD GitHub
CVSS 3.1
4.4
EPSS
1.6%
CVE-2021-23131 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-22189 HIGH This Week

Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Gitlab Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-25337 HIGH POC KEV THREAT This Week

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Privilege Escalation Android
NVD
CVSS 3.1
7.1
EPSS
2.8%
CVE-2021-26989 MEDIUM PATCH This Month

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Data Ontap
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-23130 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-23129 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-25345 MEDIUM This Month

Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25344 MEDIUM This Month

Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25334 MEDIUM This Month

Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-26028 MEDIUM PATCH This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Joomla
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20351 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20350 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20340 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22183 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting with 11.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-25347 MEDIUM This Month

Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-26029 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-26027 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-23126 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-25339 MEDIUM This Month

Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2021-25338 MEDIUM This Month

Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2021-24032 MEDIUM PATCH This Month

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions. Rated medium severity (CVSS 4.7).

Information Disclosure Zstandard
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-22128 MEDIUM This Month

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-26988 LOW PATCH Monitor

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Data Ontap
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2021-25343 LOW Monitor

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Denial Of Service Authentication Bypass Members
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25342 LOW Monitor

Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Members
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25341 LOW Monitor

Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass S Assistant
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25336 LOW Monitor

Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25335 LOW Monitor

Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the. Rated low severity (CVSS 2.5). No vendor patch available.

Samsung Information Disclosure One Ui Android
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2021-25348 LOW Monitor

Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2021-25340 LOW Monitor

Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2021-25333 LOW Monitor

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Authentication Bypass Pay Mini
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2021-25332 LOW Monitor

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Authentication Bypass Pay Mini
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2021-25331 LOW Monitor

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Authentication Bypass Pay Mini
NVD
CVSS 3.1
2.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy