Skip to main content
CVE-2021-28294 CRITICAL POC Act Now

Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Ordering System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-25916 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Patchmerge
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-21192 HIGH POC This Week

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21191 HIGH POC This Week

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-3127 HIGH POC PATCH This Week

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nats Server Jwt Library
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-28295 HIGH POC THREAT This Week

Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure Online Ordering System
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
15.9%
CVE-2021-28381 CRITICAL PATCH Act Now

The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Vhs
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-3344 HIGH PATCH This Week

A privilege escalation flaw was found in OpenShift builder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Privilege Escalation Openshift Builder Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-21193 HIGH KEV THREAT This Week

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
9.9%
CVE-2021-28543 HIGH This Week

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Varnish Modules Varnish Modules Klarlack Fedora
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-20218 HIGH PATCH This Week

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Kubernetes Path Traversal Kubernetes Client A Mq Online Build Of Quarkus +6
NVD GitHub
CVSS 3.1
7.4
EPSS
1.3%
CVE-2021-27938 MEDIUM PATCH This Month

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Silverstripe Queued Jobs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-28380 MEDIUM PATCH This Month

The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Aimeos
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22887 LOW PATCH Monitor

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Information Disclosure Ivanti Psa 5000 Firmware Psa 7000 Firmware X10Slh F Firmware +7
NVD
CVSS 3.1
2.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy