Skip to main content
CVE-2021-20308 CRITICAL POC Act Now

Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service RCE Htmldoc Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-24212 CRITICAL POC Act Now

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Help Scout
NVD WPScan
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-24175 CRITICAL POC THREAT Act Now

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass The Plus Addons For Elementor
NVD WPScan
CVSS 3.1
9.8
EPSS
14.5%
CVE-2021-29996 CRITICAL POC Act Now

Mark Text through 0.16.3 allows attackers arbitrary command execution. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Marktext
NVD GitHub
CVSS 3.1
9.6
EPSS
2.8%
CVE-2021-20307 CRITICAL Act Now

Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libpano13 Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-24171 CRITICAL Act Now

The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload Path Traversal Woocommerce Upload Files
NVD WPScan
CVSS 3.1
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy