Skip to main content
CVE-2021-24145 HIGH POC THREAT Act Now

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Modern Events Calendar Lite
NVD WPScan Exploit-DB
CVSS 3.1
7.2
EPSS
88.2%
CVE-2021-24149 HIGH POC This Week

Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Modern Events Calendar Lite
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24137 HIGH POC This Week

Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Blog2Social
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24132 HIGH POC This Week

The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-23359 HIGH POC This Week

This affects all versions of package port-killer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Port Killer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-26236 HIGH POC This Week

FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Image Viewer
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-27358 HIGH POC PATCH THREAT This Week

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Denial Of Service E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
83.0%
CVE-2021-26935 HIGH POC This Week

In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wowonder
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-24146 HIGH POC THREAT This Week

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Modern Events Calendar Lite
NVD WPScan Exploit-DB
CVSS 3.1
7.5
EPSS
31.0%
CVE-2021-24131 HIGH POC This Week

Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Anti Spam
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-24130 HIGH POC This Week

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress SQLi Wp Maps
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-24125 HIGH POC This Week

Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Contact Form Submissions
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24123 HIGH POC This Week

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Powerpress
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-28419 HIGH POC THREAT This Week

The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seo Panel
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
10.7%
CVE-2021-24143 HIGH This Week

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Accesspress Social Icons
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21627 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Libvirt Agents
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-20678 HIGH This Week

SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Paid Memberships Pro
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-22665 HIGH This Week

Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Privilege Escalation Drivetools Add On Profiles Drivetools Sp
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28792 HIGH This Week

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Swift Development Environment
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-28791 HIGH This Week

The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Swiftformat
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-28790 HIGH This Week

The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Swiftlint
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-28789 HIGH This Week

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Apple Swift Format
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-24144 HIGH This Week

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Contact Form 7 Database Addon
NVD WPScan
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-26237 HIGH This Week

FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption Image Viewer
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-26235 HIGH This Week

FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service Image Viewer
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-26234 HIGH This Week

FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption Image Viewer
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-26233 HIGH This Week

FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption Image Viewer
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-3141 HIGH This Week

In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Stealth
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27656 HIGH PATCH This Week

A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Exacqvision Web Service
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-27306 HIGH This Week

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kong Gateway
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-28667 HIGH PATCH This Week

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Stackstorm
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-1287 HIGH This Week

A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Stack Overflow Denial Of Service +2
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-24142 HIGH This Week

Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi 301 Redirects
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-24141 HIGH This Week

Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Advanced Database Cleaner
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-24140 HIGH This Week

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Ajax Load More
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy