Skip to main content
CVE-2021-21425 CRITICAL POC THREAT Emergency

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Grav Plugin Admin
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
80.6%
CVE-2021-30177 CRITICAL POC Act Now

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Php Nuke
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-26709 CRITICAL POC THREAT Act Now

D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dsl 320B D1
NVD
CVSS 3.1
9.8
EPSS
40.1%
CVE-2021-29641 HIGH POC This Week

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE PHP Apache File Upload +1
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2021-26758 HIGH POC This Week

Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openlitespeed
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-30123 HIGH POC This Week

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ffmpeg
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2021-30147 HIGH POC This Week

DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Radius Manager
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.5%
CVE-2021-28927 HIGH POC PATCH This Week

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Microsoft Retroarch
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-30184 HIGH POC This Week

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Chess Fedora
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-30457 CRITICAL Act Now

An issue was discovered in the id-map crate through 2021-02-26 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Id Map
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-30456 CRITICAL Act Now

An issue was discovered in the id-map crate through 2021-02-26 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Id Map
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-30455 CRITICAL Act Now

An issue was discovered in the id-map crate through 2021-02-26 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Id Map
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-30454 CRITICAL PATCH Act Now

An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Outer Cgi
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-30246 CRITICAL PATCH Act Now

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Node.js Jwt Attack Jsrsasign
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-20687 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Kagemai
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29627 HIGH This Week

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-1892 HIGH This Week

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Aqt1000 Firmware Pm8005 Firmware +52
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30185 HIGH PATCH This Week

CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Indico
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20692 HIGH This Week

Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Archive Collectively Operation Utility
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-28166 MEDIUM PATCH This Month

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Mosquitto
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20691 MEDIUM This Month

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yomi Search
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20690 MEDIUM This Month

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yomi Search
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20689 MEDIUM This Month

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yomi Search
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20688 MEDIUM This Month

Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Click Ranker
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20686 MEDIUM This Month

Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kagemai
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20685 MEDIUM This Month

Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kagemai
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20684 MEDIUM This Month

Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Magazinegerz
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29626 MEDIUM This Month

In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Freebsd
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-30178 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.11.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21641 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Promoted Builds
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-21640 MEDIUM PATCH This Month

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2021-21639 MEDIUM PATCH This Month

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy