Skip to main content
CVE-2021-27320 HIGH POC This Week

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doctor Appointment System
NVD
CVSS 3.1
7.5
EPSS
9.3%
CVE-2021-27319 HIGH POC This Week

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doctor Appointment System
NVD
CVSS 3.1
7.5
EPSS
7.8%
CVE-2021-27316 HIGH POC This Week

Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doctor Appointment System
NVD
CVSS 3.1
7.5
EPSS
7.8%
CVE-2021-27315 HIGH POC This Week

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doctor Appointment System
NVD
CVSS 3.1
7.5
EPSS
7.8%
CVE-2021-1384 HIGH POC THREAT This Week

A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD GitHub
CVSS 3.1
7.2
EPSS
35.4%
CVE-2021-1383 MEDIUM POC This Month

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Apple Information Disclosure Ios Xe Ios Xe Sd Wan
NVD GitHub
CVSS 3.1
6.7
EPSS
0.6%
CVE-2021-1382 MEDIUM POC This Month

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD GitHub
CVSS 3.1
6.7
EPSS
0.7%
CVE-2021-1385 MEDIUM POC This Month

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Path Traversal iOS Ios Xe
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2021-1411 CRITICAL Act Now

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Microsoft Denial Of Service Jabber
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2021-21386 CRITICAL PATCH Act Now

APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Information Disclosure Apkleaks
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-1451 CRITICAL Act Now

A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Apple Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-28967 CRITICAL PATCH Act Now

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Matlab
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-29133 MEDIUM POC PATCH This Month

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Haserl
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-29002 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Plone
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-22178 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 13.2. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
5.0
EPSS
1.1%
CVE-2021-22192 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab
NVD
CVSS 3.1
8.8
EPSS
13.1%
CVE-2021-29033 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29032 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29031 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-29030 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29029 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29028 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29027 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29026 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29025 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitweaver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-1373 HIGH This Week

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Denial Of Service Cisco Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2021-1433 HIGH This Week

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Apple Denial Of Service Cisco Ios Xe
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2021-1442 HIGH This Week

A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1392 HIGH This Week

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure iOS Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1460 HIGH This Week

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service iOS Cgr1000 Firmware Ic3000 Industrial Compute Gateway Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-1446 HIGH This Week

A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-1437 HIGH This Week

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Aironet Access Point Software Catalyst 9800 Firmware Wireless Lan Controller Software
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-1431 HIGH This Week

A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22193 LOW POC Monitor

An issue has been discovered in GitLab affecting all versions starting with 7.1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
1.0%
CVE-2021-28362 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Contiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-21385 HIGH PATCH This Week

Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Google Information Disclosure Mifos Mobile
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2021-1439 HIGH This Week

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Aironet Access Point Software Catalyst 9800 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-1403 HIGH This Week

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2021-1432 HIGH This Week

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Code Injection Ios Xe Ios Xe Sd Wan
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-1469 HIGH This Week

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Microsoft Denial Of Service Jabber
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-1443 HIGH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple RCE Command Injection Ios Xe
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2021-1435 HIGH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Path Traversal Ios Xe
NVD
CVSS 3.1
7.2
EPSS
7.9%
CVE-2021-1453 MEDIUM This Month

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Jwt Attack Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-1452 MEDIUM This Month

A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe Rom Monitor
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-1398 MEDIUM This Month

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple RCE Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-1376 MEDIUM This Month

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE Jwt Attack Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1375 MEDIUM This Month

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE Jwt Attack Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1281 MEDIUM This Month

A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1454 MEDIUM This Month

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe Ios Xe Sd Wan
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1449 MEDIUM This Month

A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Aironet Access Point Software Catalyst 9800 Firmware Wireless Lan Controller Software
NVD
CVSS 3.1
6.7
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy