Skip to main content
CVE-2021-23356 CRITICAL POC Act Now

This affects all versions of package kill-process-by-name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Kill Process By Name
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-23355 CRITICAL POC Act Now

This affects all versions of package ps-kill. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ps Kill
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-27230 HIGH POC This Week

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Expressionengine
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-27946 HIGH POC PATCH This Week

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Mybb
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-27890 HIGH POC PATCH THREAT This Week

SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Mybb
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
10.6%
CVE-2021-28379 HIGH POC PATCH This Week

web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Myvesta Vesta Control Panel
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
6.0%
CVE-2021-27695 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building &. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmaint
NVD Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2021-27889 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mybb
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.1%
CVE-2021-26987 CRITICAL Act Now

Element Plug-in for vCenter Server incorporates SpringBoot Framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Spring Boot Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +1
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-27817 CRITICAL Act Now

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Shopxo
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-20280 MEDIUM POC PATCH This Month

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS SSRF Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-28378 MEDIUM POC PATCH This Month

Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Gitea
NVD GitHub
CVSS 3.1
5.4
EPSS
8.8%
CVE-2021-23357 MEDIUM POC This Month

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tyk
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-25667 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Siemens Ruggedcom Rm1224 Firmware +14
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-22191 HIGH PATCH This Week

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Wireshark Zfs Storage Appliance Debian Linux
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2021-25672 HIGH This Week

A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Forgot Password
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-27891 HIGH This Week

SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Tectia Client Tectia Connectsecure Tectia Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-20179 HIGH PATCH This Week

A flaw was found in pki-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Dogtagpki Certificate System Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-27381 HIGH This Week

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-27380 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Solid Edge
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-27892 HIGH This Week

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Tectia Client Tectia Connectsecure Tectia Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28375 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.11.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Linux Authentication Bypass Linux Kernel Fedora Cloud Backup +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-24029 HIGH PATCH This Week

A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mvfst Proxygen
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-25676 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rm1224 Firmware Scalance M 800 Firmware Scalance S615 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-26923 HIGH PATCH This Week

An issue was discovered in Argo CD before 1.8.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-27576 HIGH PATCH This Week

If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-28374 HIGH This Week

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Debian Information Disclosure Courier Authlib Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-27948 HIGH PATCH This Week

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi Mybb
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-27947 HIGH PATCH This Week

SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi Mybb
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-27893 HIGH This Week

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation Tectia Client Tectia Connectsecure Tectia Server
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-27208 MEDIUM This Month

When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zynq 7000S Firmware Zynq 7000 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-23879 MEDIUM This Month

Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Endpoint Product Removal Tool
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-28363 MEDIUM PATCH This Month

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Urllib3 Fedora Peoplesoft Enterprise Peopletools
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2021-3167 MEDIUM This Month

In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Engineering
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3418 MEDIUM This Month

If certificates that signed grub are installed into db, grub can be booted directly. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Grub2
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2021-3150 MEDIUM This Month

A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cryptshare Server
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-27949 MEDIUM PATCH This Month

Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-26924 MEDIUM PATCH This Month

An issue was discovered in Argo CD before 1.8.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Argo Cd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-25675 MEDIUM This Month

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic S7 Plcsim
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25674 MEDIUM This Month

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Simatic S7 Plcsim
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25673 MEDIUM This Month

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Simatic S7 Plcsim
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20279 MEDIUM PATCH This Month

The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-20282 MEDIUM PATCH This Month

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-20281 MEDIUM PATCH This Month

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-20283 MEDIUM PATCH This Month

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-20440 MEDIUM This Month

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20286 LOW PATCH Monitor

A flaw was found in libnbd 1.7.3. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libnbd Enterprise Linux
NVD
CVSS 3.1
2.7
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy